台灣
RSS
Outpost 個人防火牆 - Vulnerabilities in COM + and MSDTC May Lead to Local Privilege Elevation
Agnitum Security Advisories
ASA-08-0510-4: Vulnerabilities in COM + and MSDTC May Lead to Local Privilege Elevation
Vulnerability summary:
|
Severity rating:
|
Critical to Important, based on configuration
|
|
|
Date Published:
|
October 11, 2005
|
|
|
Software Vendor:
|
Microsoft
|
|
|
Affected Software:
|
Microsoft Distributed Transaction Coordinator (MSDTC), COM+
|
|
|
Affected OS:
|
Windows XP (all), Windows Server 2003 (all), Microsoft Windows XP Professional x64 Edition, Windows 2000 (all), Windows 98 (incl. SE), Windows Millennium Edition (ME)
|
|
|
Unaffected with:
|
-
|
|
|
Vulnerability class:
|
Remote Code Execution
|
|
|
Status:
|
Fixed
|
Vulnerability details:
Tech brief:
Remote code execution vulnerability exists in COM+ and MSDTC components that could allow a successful attacker to take control of the affected system. By elevating local privilege on a computer, an attacker can then install and run arbitrary programs, view, change, or delete data; or create new accounts with full user rights.
On Windows 2000 and Windows XP Service Pack 1, an anonymous attacker could try to exploit the vulnerability by creating a specially crafted message and sending the message over the network to the affected system. The message could then trigger the execution malicious code. On Windows XP Service Pack 2, Windows Server 2003 and Windows Server 2003 Service Pack 1, an attacker must be able to log on locally to a system to be able to exploit the vulnerability.
MSDTC is used by applications such as SQL Server, BizTalk Server, Exchange Server, or Message Queuing. Also, this service is required in most clustering configurations.
COM+ handles resource management tasks, such as thread allocation and security. It automatically makes applications more scalable by providing thread pooling, object pooling, and just-in-time object activation. COM+ also helps protect the integrity of data by providing transaction support even if a transaction spans multiple databases over a network.
Vendor reference information:
Vendor details pertaining to the problem are available here:
http://www.microsoft.com/technet/security/Bulletin/MS05-051.mspx
General Mitigating Recommendations:
Install latest vendor patches available at http://windowsupdate.microsoft.com.
How Outpost Firewall PRO protects you:
Outpost automatically closes the unneeded ports, including the ones through which the vulnerability can be exploited.
Disclaimer:
Information in the present advisory is believed to be accurate as to the time of publishing based on currently available information. Use of the information signifies acceptance for use in an AS IS condition. There are no warranties with regard to this information. Agnitum Ltd. doesn't accept any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
關於Version 2 Limited
Version 2 Limited 是亞洲其中一間最有活力的IT公司,公司發展及代理各種不同的互聯網及IP-Based 網絡IT產品,當中包括通訊系統、保安、網絡及媒體產品。透過公司龐大的網絡、銷售點、分銷商及合作顆伴,Version 2 Limited 便可提供廣被市場讚賞的產品及服務。Version 2 Limited 客戶來自各行各業,包括全球1000大跨國企業、上市公司、公用機構、政府部門、無數成功的中小企及來自亞洲各城市的客戶。
如對產品有興趣,可瀏覽以下網址:
http://www.version-2.com/op
http://www.version-2.com/nod32op
