New MS Vulnerabilities Information from Symantec
New MS Vulnerabilities Information from Symantec
Symantec currently provides system and network protection for three new vulnerabilities announced today by Microsoft: MS ASN.1 Integer Overflow, Cumulative Security Update for Internet Explorer and Windows Internet Naming Service (WINS) Buffer Overflow.
These vulnerabilities have been reviewed by Symantec Security Response, and Symantec recommends that users update the services affected, via the Microsoft windows update Website. Symantec also recommends that users implement best security practices such as restricting external access to all ports and services that are not explicitly intended to be accessible by remote parties. This action will limit exposure to these and other latent vulnerabilities. If appropriate, firewalls should also be deployed on individual systems to restrict access and network intrusion detection systems (NIDS) should be deployed to monitor network traffic for any suspicious or anomalous activity.
Microsoft Vulnerabilities Overview
· MS ASN.1 Integer Overflow (828028) -- Critical Rating The buffer overflow vulnerability in Microsoft ASN.1 could allow an attacker who successfully exploited this vulnerability to execute code with system privileges on an affected system. The attacker could then take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges.
· Cumulative Security Update for Internet Explorer (832894) -- Critical Rating For the Internet Explorer vulnerability, systems administrators should apply the security update immediately.
· Windows Internet Naming Service (WINS) Buffer Overflow (830352) -- Important Rating The vulnerability in Windows Internet Naming Service (WINS) could allow an attacker who sent a series of specially-crafted packets to a WINS server to cause the service to fail on Windows Server 2003. This could potentially cause a denial of service, and the service would have to be manually restarted to restore functionality. An attack on Windows 2000 and Windows NT 4.0 could cause a degradation in performance. WINS will then return to normal levels of functionality. A number of mitigating factors exist for this vulnerability. For example, the WINS service is not installed by default. In addition, when running on Windows Server 2003, WINS will automatically restart if attacked.
More information can be found at http://www.microsoft.com/security/security%5Fbulletins/.
Symantec Solutions Protecting Against New Microsoft Vulnerabilities Symantec Security Solutions
* Symantec DeepSight Threat Management System/Symantec DeepSight Alert Services - For Symantec DeepSight Threat Management System, the vulnerabilities have been summarized on the Daily Summary Reports sent to customers. Symantec is closely monitoring global activity for signs of attack and will deliver additional notifications as required. For Symantec DeepSight Alert Services, a notification has been distributed on the new vulnerabilities.
* Symantec Managed Security Services - MSS Managed Systems running Windows Operating Systems are not susceptible to the WINS vulnerability as those components & services are disabled as part of our standard baseline and system hardening process. MSS Managed Systems running Windows Operating Systems are vulnerable to the ASN.1 vulnerability. Due to the potential impact of this vulnerability, all affected systems are currently being updated via MSS emergency patch rollout procedures. MSS has contacted managed customers about this vulnerability and will continue to update customers on the status of this vulnerability via the MSS Secure Internet Interface.
* Symantec Gateway Security/Symantec Enterprise Firewall -- By default, Symantec's full application inspection firewall technology protects against the Microsoft ASN.1 and WINS vulnerabilities.
* Symantec Client Security/AntiVirus Solutions - Symantec has created heuristic detection for the Microsoft ASN.1 vulnerability.
* Symantec ManHunt - Symantec has released a signature to protect against the WINS vulnerability. ends