Microsoft on Wednesday issued a prepatch advisory to counter the publication of exploit code for a newly discovered vulnerability in its implementation of TCP/IP. The Redmond, Wash., company's confirmation of the flaw is the first public test of the software giant's new security advisories pilot project, which is meant to provide instant feedback, guidance and mitigations when third-party researchers release vulnerability details and exploits before a patch is available.
In this case, Microsoft Corp.'s Security Advisory 899480 comes 24 hours after an alert with accompanying exploit code was published by FrSIRT (French Security Incident Response Team), a private research outfit. "Various TCP implementations could allow a remote attacker to set arbitrary timer values for a TCP connection. An attacker who successfully exploited this vulnerability could cause the affected system to reset existing TCP connections. Those connections would have to be re-established for communication to continue," Microsoft said in its advisory.
News source: eWeek
What's Included: (new/updated entries are marked like this):
Windows XP SP2 - Critical Updates
KB834707: Cumulative Security Update for Internet Explorer
KB873339: Vulnerability in HyperTerminal could allow code execution
KB873374: Microsoft GDI+ Detection Tool
KB885626: Your computer stops responding when you restart to complete the installation of Windows XP SP2
KB885835: Vulnerabilities in Windows Kernel and LSASS could allow elevation of privilege
KB885836: A vulnerability in WordPad could allow code execution
KB886185: Windows Firewall "My Network (subnet) only" scoping
KB890175: Vulnerability in HTML Help could allow code execution
KB890830: Malicious Software Removal Tool
KB867282: Cumulative Security Update for IE for XP Service Pack 2
KB873333: Security Update for Windows XP
KB885250: Security Update for Windows XP
KB886903: Security Update for .NET Framework 1.1 SP1
KB888113: Security Update for Windows XP
KB888302: Security Update for Windows XP
KB890047: Security Update for Windows XP
KB891781: Security Update for Windows XP
KB890923: Cumulative Security Update for Internet Explorer
KB892944: Vulnerability in Message Queuing Could Allow Code Execution
KB893066: Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service
KB890859: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service
KB893086: Vulnerability in Windows Shell that Could Allow Remote Code Execution
KB890830: Malicious Software Removal Tool v1.4
Windows XP SP2 - Recommended updates
KB831240: Update for HighMAT support in the Windows XP CD Writing Wizard
KB884020: Loopback IP address range problem
KB885222: Performance of 1394 devices may decrease after you install Windows XP SP2
KB886677: Corrupt DBCS characters in Internet Explorer on Windows XP
KB887742: Stop error "Stop 0x05" in Windows XP SP2 or Windows Server 2003
KB887797: Cumulative Update for Outlook Express for Windows XP
KB888240: Add-ons not listed in Internet Explorer on Windows XP SP2
KB890831: Input Method Editor disabled when using MSN Messenger in Windows XP SP2
KB891122: Update for DRM-enabled Media Players
KB892313: Fix for problems when playing MPEG4 videos in WMP 10
KB893357: Update for Windows XP
KB895181: Fix for MPEG4 videos in Windows Media Player 10
Add-ons
Adaptec ASPI
Bootvis 1.3.37 (only in Full)
Official Windows XP PowerToys
Copy Profile Tool
DirectX Control Panel
Google Toolbar (only in Full)
ieSpellcheck (only in Full)
PowerMenu 1.5.1
Startup Control Panel 2.8
New XP Style Wallpapers (only in Full)
New XP Screensavers (only in Full)
.NET Framework 1.1 (+SP1) (only in Full)
Windows Media Player 10.0.3802 (only in Full)
Windows Journal Viewer 1.5 (only in Full)
Windows Installer 3.1
Windows Messenger 5.1 (only in Full)
Macromedia Shockwave Player (only in Full)
Windows Media Connect (only in Full)
MSN Messenger 7.0.0813 (only in Full)
New Theme: Royale (only in Full)
New Wallpapers (only in Full)
New AutoPatcher Wallpaper - based on "Aquastyle" (only in Full)
Sun Java 1.5.0_03 (only in Full)
And of course a lot of registry tweaks which improve speed, appearance, functionality and security!
File Size & MD5 Hashes
English May 2005 Full File Size: 145 MB (152867521 bytes)
English May 2005 Full MD5 Hash: 4c896c5b4500fbccf0435608f01455fe
English May 2005 Lite File Size: 64.8 MB (67962056 bytes)
English May 2005 Lite MD5 Hash: 372e9a75bac36fca8fe73082e208203c
English May 2005 Update File Size: 39.7 MB (41656655 bytes)
English May 2005 Update MD5 Hash: 1b75edbdda38f49df8468fa5dc7a2904
Portuguese May 2005 Full File Size: 143 MB (150422974 bytes)
Portuguese May 2005 Full MD5 Hash: 74fb6d02505414952900b82a4ed79c00
Portuguese May 2005 Lite File Size: 66.1 MB (69316771 bytes)
Portuguese May 2005 Lite MD5 Hash: b82b2ed47cfa35292b64f58b6b35bdd6
Portuguese May 2005 Update File Size: 51.6 MB (54189222 bytes)
Portuguese May 2005 Update MD5 Hash: 00ace27b23df67c5383a167b929694c1

I don't know if I made myself clear
Last edited by 69181 on 19 May 2005 - 01:06
Last edited by 21023 on 19 May 2005 - 06:42
This important information was left out of the news......
• Customers who have installed Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, or the MS05-019 security update are not affected by this vulnerability.
• For an attacker to try to exploit this vulnerability, they must first predict or learn the IP address and port information of the source and of the destination of an existing TCP network connection. Protocols or programs that maintain long sessions and that have predictable TCP/IP information are at an increased risk for this issue.
• This attack would have to be performed on each TCP connection that was targeted for reset. Many applications will automatically restore connections that have been reset.
• This issue does not affect Windows 98, Windows 98 SE, or Windows Millennium Edition.
• This attack requires the TCP Timestamp Option registry setting to be enabled. This setting is enabled by default. However, this option can be disabled. Systems that have disabled this setting are not affected by this vulnerability. For more information about this setting, visit the following Web site.
What is the scope of the advisory?
Microsoft has been made aware of a new vulnerability report affecting TCP/IP, a network component of Microsoft Windows. This affects the software that is listed in the “Overview” section. It is similar in scope to other TCP connection reset issues.
Is this a security vulnerability that requires Microsoft to issue a new security update?
No. Customers who have installed Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, or the MS05-019 security update are not affected by this vulnerability. No additional update is required.
What causes this threat?
Various TCP implementations could allow a remote attacker to set arbitrary timer values for a TCP connection. An attacker who successfully exploited this vulnerability could cause the affected system to reset existing TCP connections. Those connections would have to be reestablished for communication to continue. This denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights. We do not consider this to be a significant threat to the security of the Internet.
What might an attacker use this function to do?
An attacker who exploited this vulnerability could cause the affected system to reset TCP connections.
Will this vulnerability be documented in the MS05-019 security bulletin?
No. This vulnerability does not reproduce on systems that are fully updated. No additional security update is required. Therefore, it would not be appropriate to update the previously released security bulletin.
http://www.microsoft.com/technet/security/...ory/899480.mspx
Microsoft updated this bulletin today to advise customers that we plan to re-release the MS05-019 security update in June, 2005. The original security update successfully addressed the vulnerabilities described in this security bulletin. However, there is a known network connectivity issue that affects a particular type of network configuration when using the original security update. Until the re-release of this security update is available, customers experiencing the symptoms described in Microsoft Knowledge Base Article 898060 should follow the documented instructions to address this issue. If you are not experiencing this network connectivity issue we recommend that you install the currently available security update to help protect against the vulnerabilities described in this security bulletin.
While this re-release is only intended to address the issue that is described in Microsoft Knowledge Base Article 898060, we are planning to distribute the re-release broadly to customers to help reduce the likelihood that customers will encounter this network connectivity issue in the future. When re-released, the revised security update will be available through Windows Update, Software Update Services (SUS), and will be recommended by the Microsoft Baseline Security Analyzer (MBSA).
http://www.microsoft.com/technet/security/...n/MS05-019.mspx
Last edited by 335 on 18 May 2005 - 23:33
OpenBSD