Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:20744
HistoryOct 24, 2008 - 12:00 a.m.

US-CERT Technical Cyber Security Alert TA08-297A -- Microsoft Windows Server Service RPC Vulnerability

2008-10-2400:00:00
vulners.com
74
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                 National Cyber Alert System

           Technical Cyber Security Alert TA08-297A

Microsoft Windows Server Service RPC Vulnerability

Original release date: October 23, 2008
Last revised: –
Source: US-CERT

Systems Affected

 * Microsoft Windows 2000
 * Microsoft Windows XP
 * Microsoft Windows Server 2003
 * Microsoft Windows Vista
 * Microsoft Windows Server 2008

Overview

A vulnerability in the way the Microsoft Windows server service
handles RPC requests could allow an unauthenticated, remote
attacker to execute arbitrary code with SYSTEM privileges.

I. Description

Microsoft has released Microsoft Security Bulletin MS08-067 to
address a buffer oveflow vulnerability in the Windows Server
service. The vulnerability is caused by a flaw in the way the
Server service handles Remote Procedure Call (RPC) requests. For
systems running Windows 2000, XP, and Server 2003, a remote,
unauthenticated attacker could exploit this vulnerability. For
systems running Windows Vista and Server 2008, a remote attacker
would most likely need to authenticate.

Microsoft Security Bulletin MS08-067 rates this vulnerability as
"Critical" for Windows 2000, XP, and Server 2003. The bulletin also
notes "…limited, targeted attacks attempting to exploit the
vulnerability."

This vulnerability has been assigned CVE-2008-4250. Further
information is available in a Security Vulnerability & Research
blog entry and US-CERT Vulnerability Note VU#827267.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code or
cause a vulnerable system to crash. Since the Server service runs
with SYSTEM privileges, an attacker could take complete control of
a vulnerable system.

III. Solution

Apply update

Microsoft has provided updates for this vulnerability in Microsoft
Security Bulletin MS08-067. Microsoft also provides security
updates through the Microsoft Update web site and Automatic
Updates. System administrators should consider using an automated
update distribution system such as Windows Server Update Services
(WSUS).

Disable Server and Computer Browser services

Disable the Server and Computer Browser services on Windows systems
that do not require those services. A typical Windows client that
is not sharing files or printers is unlikely to need either the
Server or Computer Browser services. As a best security practice,
disable all unnecessary services.

Restrict access to server service

Restrict access to the server service (TCP ports 139 and 445). As a
best security practice, only allow access to necessary network
services.

Filter affected RPC identifier

The host firewalls in Windows Vista and Windows Server 2008 can
selectively filter RPC Universally Unique Identifiers (UUID). See
Microsoft Security Bulletin MS08-067 for instructions to filter RPC
requests with the UUID equal to
4b324fc8-1670-01d3-1278-5a47bf6ee188.

IV. References

 * US-CERT Vulnerability Note VU#827267 -
   <http://www.kb.cert.org/vuls/id/827267>

 * Microsoft Security Bulletin MS08-067 -
   <http://www.microsoft.com/technet/security/Bulletin/
   ms08-067.mspx>

 * Microsoft Update - <https://update.microsoft.com/>

 * Windows Update: Automatic Update
   <http://www.microsoft.com/windows/downloads/windowsupdate/
   automaticupdate.mspx>

 * Windows Server Update Services (WSUS) Home -
   <http://technet.microsoft.com/en-us/wsus/default.aspx>

 * CVE-2008-4250 -
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250>

 * More detail about MS08-067, the out-of-band netapi32.dll
   security update -
   <http://blogs.technet.com/swi/archive/2008/10/23/
   More-detail-about-MS08-067.aspx>

The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA08-297A.html>

Feedback can be directed to US-CERT Technical Staff. Please send
email to <[email protected]> with "TA08-297A Feedback VU#827267" in
the subject.

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html&gt;.

Produced 2008 by US-CERT, a government organization.

Terms of use:

 &lt;http://www.us-cert.gov/legal.html&gt;

Revision History

October 23, 2008: Initial release

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSQDoMnIHljM+H4irAQJaYwgAwTlLruLijREi3IjEanhKH9DOFykxE9Mr
Mmt4yurwHjt+TPMyqgzPGuk44xd5ySPTm0qIszwIXSiIDYS50PNhg0atluiQeLVC
ToFNdd6W++75upBIQMkYUENj4GHExDcMOs0uMjlIcjqUGIERlqRHnkIWDvMU0ouc
pKnx4p50IimdVMlabHbZ1AiL1tRWFgsc0IM2FExpyVpHKXy6dCXjMbfV5pPgB23l
0CaRk5ENONr9BPDx0nN/1hwS6cQ5vaU7/i6KH1GL+hPkAAEvns002FUHPoUiaj2W
Z415eNR3psa9vDU0hsajsqySbXcgUSSW12M0FxRb2DP5HSxriXi0IQ==
=vk3f
-----END PGP SIGNATURE-----

Related

openvas 9
prion 1
securityvulns 2
cert 1
saint 4
checkpoint_advisories 3
canvas 1
attackerkb 1
nessus 3
seebug 2
zdt 1
huawei 1
cve 1
ics 1
nmap 1
trendmicroblog 1
openvas
openvas
Vulnerability in Server Service Could Allow Remote Code Execution (958644)
2008-10-30 00:00:00
Server Service Could Allow Remote Code Execution Vulnerability (958644)
2008-10-24 00:00:00
Huawei Data Communication: Remote Code Execution Vulnerability in Microsoft Windows Server Service (huawei-sa-20171129-01-windows)
2020-06-05 00:00:00
prion
prion
Design/Logic Flaw
2008-10-23 22:00:00
securityvulns
securityvulns
Microsoft Windows code execution
2008-11-04 00:00:00
Microsoft Security Bulletin MS08-067 – Critical Vulnerability in Server Service Could Allow Remote Code Execution &#40;958644&#41;
2008-10-24 00:00:00
cert
cert
Microsoft Server service RPC stack buffer overflow vulnerability
2008-10-23 00:00:00
saint
saint
Windows Server Service buffer overflow MS08-067
2008-10-24 00:00:00
Windows Server Service buffer overflow MS08-067
2008-10-24 00:00:00
Windows Server Service buffer overflow MS08-067
2008-10-24 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows Eclipsedwing RPC Buffer Overflow (CVE-2008-4250)
2017-04-27 00:00:00
Microsoft RPC Services Path Canonicalization Remote Code Execution (CVE-2008-4250)
2013-07-21 00:00:00
Microsoft Windows Server Service RPC Request Buffer Overflow (MS08-067; CVE-2008-4250)
2008-10-23 00:00:00
canvas
canvas
Immunity Canvas: MS08_067
2008-10-23 22:00:00
attackerkb
attackerkb
Microsoft RPC Code Execution MS08-067
2020-04-13 00:00:00
nessus
nessus
MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Remote Code Execution (958644) (ECLIPSEDWING) (uncredentialed check)
2008-10-23 00:00:00
MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Unspecified Remote Code Execution (958644) (ECLIPSEDWING)
2008-10-23 00:00:00
Windows Server 2008 Critical RCE Vulnerabilities (uncredentialed) (PCI/DSS)
2018-04-03 00:00:00
seebug
seebug
Windows ms08-067 缓冲区溢出漏洞
2012-10-15 00:00:00
Windows Server服务RPC请求缓冲区溢出漏洞(MS08-067)
2008-10-24 00:00:00
zdt
zdt
Microsoft Windows - NetAPI32.dll Code Execution (Python) (MS08-067) Exploit
2016-02-26 00:00:00
huawei
huawei
Security Advisory - Remote Code Execution Vulnerability in Microsoft Windows Server Service
2017-11-29 00:00:00
cve
cve
CVE-2008-4250
2008-10-23 22:00:00
ics
ics
Siemens Molecular Imaging Vulnerabilities
2017-08-03 12:00:00
nmap
nmap
smb-vuln-ms08-067 NSE Script
2015-10-03 06:07:49
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of April 17, 2017
2017-04-21 18:23:45
JSON
Related for SECURITYVULNS:DOC:20744
openvas9prion1securityvulns2cert1saint4checkpoint_advisories3canvas1attackerkb1nessus3seebug2zdt1huawei1cve1ics1nmap1trendmicroblog1