Content

MS Vulnerabilities MS04-005 - 007

Type
Vulnerability
SubType
Microsoft
Discovery Date
02/10/2004
Length
Minimum DAT
N/A ( )
Updated DAT
N/A ( )
Minimum Engine
N/A
Description Added
02/09/2004
Description Modified
02/10/2004 10:52 AM (PT)
Risk Assessment
Corporate User
N/A
Home User
N/A

Tab Navigation

Characteristics

The following Microsoft vulnerabilities were announced on February 10, 2004.

MS04-005 - Vulnerability in Virtual PC for Mac could lead to privilege elevation (835150)
For Microsoft's details of this vulnerability please see:
http://www.microsoft.com/technet/security/bulletin/MS04-005.mspx

MS04-006 - Vulnerability in the Windows Internet Naming Service (WINS) Could Allow Code Execution (830352)
For Microsoft's details of this vulnerability please see:
http://www.microsoft.com/technet/security/bulletin/MS04-006.mspx

MS04-007 - ASN .1 Vulnerability that Could Allow Code Execution (828028)
For Microsoft's details of this vulnerability please see:
http://www.microsoft.com/technet/security/bulletin/MS04-007.mspx

Symptoms

N/A This description covers multiple Microsoft vulnerabilities that may potentially be exploited.

Method of Infection

N/A

Removal

McAfee Desktop Firewall  
 To help protect against the MS04-006 vulnerability users should block TCP port 42 at the firewall. This port is used to initiate a connection with a remote WINS server. Blocking this port at the firewall will help prevent systems behind that firewall from being attacked by attempts to exploit this vulnerability. It is possible that other ports may be found that could be used to exploit this vulnerability. The port listed is the most common attack vector. Microsoft recommends blocking all inbound unsolicited communication from the Internet. This would help to mitigate against other attack vectors using other ports.

McAfee Entercept
 By default, McAfee Entercept protects users against execution of injected code due to a buffer overflow/overrun vulnerability such as the MS04-006, and MS04-007 vulnerabilities. This protection functions whether or not the machine has the latest security patch installed.

McAfee IntruShield
 McAfee IntruShield signature sets 1.5.31 and 1.8.18 or later will be updated to include detection for the MS04-006 and MS04-007 vulnerabilities. With the new signature set, McAfee IntruShield deployed in in-line mode can be configured with a response action to drop such packets for preventing these attacks.

Sniffer Technologies
 A filter for the MS04-006 vulnerability has been created for Sniffer Distributed, Sniffer Portable and the Netasyst network analyzer to alert network managers to the presence of malicious traffic traveling in the network specific to these vulnerabilities and potential exploits.

McAfee Security Threatscan
McAfee Threatscan users should update both the server and agent signatures to provide protection for the MS04-006, MS04-007 vulnerabilities.  Ensure that all ThreatScan installations are updated to version (2004-02-02).

Variants

Variants

    N/A

All Information

Overview -

Characteristics

Characteristics -

The following Microsoft vulnerabilities were announced on February 10, 2004.

MS04-005 - Vulnerability in Virtual PC for Mac could lead to privilege elevation (835150)
For Microsoft's details of this vulnerability please see:
http://www.microsoft.com/technet/security/bulletin/MS04-005.mspx

MS04-006 - Vulnerability in the Windows Internet Naming Service (WINS) Could Allow Code Execution (830352)
For Microsoft's details of this vulnerability please see:
http://www.microsoft.com/technet/security/bulletin/MS04-006.mspx

MS04-007 - ASN .1 Vulnerability that Could Allow Code Execution (828028)
For Microsoft's details of this vulnerability please see:
http://www.microsoft.com/technet/security/bulletin/MS04-007.mspx

Symptoms

Symptoms -

N/A This description covers multiple Microsoft vulnerabilities that may potentially be exploited.

Method of Infection

Method of Infection -

N/A

Removal -

Removal -

McAfee Desktop Firewall  
 To help protect against the MS04-006 vulnerability users should block TCP port 42 at the firewall. This port is used to initiate a connection with a remote WINS server. Blocking this port at the firewall will help prevent systems behind that firewall from being attacked by attempts to exploit this vulnerability. It is possible that other ports may be found that could be used to exploit this vulnerability. The port listed is the most common attack vector. Microsoft recommends blocking all inbound unsolicited communication from the Internet. This would help to mitigate against other attack vectors using other ports.

McAfee Entercept
 By default, McAfee Entercept protects users against execution of injected code due to a buffer overflow/overrun vulnerability such as the MS04-006, and MS04-007 vulnerabilities. This protection functions whether or not the machine has the latest security patch installed.

McAfee IntruShield
 McAfee IntruShield signature sets 1.5.31 and 1.8.18 or later will be updated to include detection for the MS04-006 and MS04-007 vulnerabilities. With the new signature set, McAfee IntruShield deployed in in-line mode can be configured with a response action to drop such packets for preventing these attacks.

Sniffer Technologies
 A filter for the MS04-006 vulnerability has been created for Sniffer Distributed, Sniffer Portable and the Netasyst network analyzer to alert network managers to the presence of malicious traffic traveling in the network specific to these vulnerabilities and potential exploits.

McAfee Security Threatscan
McAfee Threatscan users should update both the server and agent signatures to provide protection for the MS04-006, MS04-007 vulnerabilities.  Ensure that all ThreatScan installations are updated to version (2004-02-02).

Variants

Variants -

    N/A