MS Vulnerabilities MS04-001 - 003

Type: Vulnerability
SubType: -
Discovery Date: 01/13/2004
Length:
Minimum DAT: N/A
Updated DAT: N/A
Minimum Engine: N/A
Description Added: 01/12/2004
Description Modified: 01/13/2004 12:19 PM (PT)
Risk Assessment
  Corporate User: N/A
  Home User: N/A

Characteristics

The following Microsoft vulnerabilities were announced on January 13, 2004.

MS04-001 - Vulnerability in H.323 Filter Can Allow Remote Code Execution
For Microsoft's details of this vulnerability please see:
http://www.microsoft.com/technet/security/bulletin/MS04-001.mspx

MS04-002 - Vulnerability in Exchange Server 2003 Could Lead to Privilege Escalation
For Microsoft's details of this vulnerability please see:
http://www.microsoft.com/technet/security/bulletin/MS04-002.mspx

MS04-003 - Buffer Overrun in MDAC Function Could Allow Code Execution
For Microsoft's details of this vulnerability please see:
http://www.microsoft.com/technet/security/bulletin/MS04-003.mspx

Symptoms

N/A. This description covers multiple Microsoft vulnerabilities that may potentially be exploited.

Method of Infection

N/A

Removal

McAfee Security Entercept
McAfee Security Entercept protects users against code execution for all buffer overflow/overrun vulnerabilities that may be used against the MS04-003 vulnerability. This protection functions whether or not the server has the latest security patch installed.

McAfee Security IntruShield
McAfee Security IntruShield, with the 1.8.13 signature set or later, stops attacks against the MS04-003 vulnerability, and users will receive alerts on attacks exploiting this vulnerability. McAfee IntruShield sensors deployed in in-line mode can be configured with a response action that drops such packets to prevent these attacks.

Sniffer Technologies and Netasyst Network Analyzer
Filters for the MS04-003 vulnerability have been created for Sniffer Distributed, Sniffer Portable and the Netasyst Network Analyzer to alert network managers to the presence of malicious traffic traveling in the network specific to these vulnerabilities and potential exploits.

  • Download filters for Netasyst Network Analyzer 1.0, Sniffer Portable 4.7 and 4.7.5 and Sniffer Distributed 4.1, 4.2 and 4.3
    • Package contains filters, importing instructions, and filter creation specifications

McAfee Security Desktop Firewall
Blocking UDP port 1434 with the McAfee Desktop Firewall protects against the MS04-003 vulnerability.

It is also recommended that TCP port 1720 be blocked at the perimeter or gateway router to protect against MS04-001 attacks.

McAfee Security Threatscan
ThreatScan signatures are available that detect computers that do not have the MS04-001, MS04-002, or MS04-003 patches installed.

Variants

N/A
