Microsoft Corp warned yesterday of a “critical” security vulnerability in most recent versions of Windows that could be exploited remotely by a malicious hacker to completely take over a target machine.
The company issued a patch for the problem, along with a patch for a less-serious vulnerability, and stressed to users of Windows NT 4.0, 2000, XP and 2003 the importance of applying this latest fix.
The vulnerability is in Microsoft’s implementation of Abstract Syntax Notation 1 (ASN.1), a method of representing data that Microsoft described as a language for defining standards.
It’s another unchecked buffer that, if overrun, allows malicious code to be executed. An attacker with an exploit could take pretty much whatever action they wanted to on the vulnerable machine.
Because ASN.1 is a standard for many applications and devices, there are many potential attack vectors, Microsoft said in its advisory. For example, when using authentication protocols based on ASN.1 it could be possible to construct a malformed authentication request that could expose this vulnerability.
This vulnerability was discovered in July 2003 by researchers at eEye Digital Security Inc. eEye’s chief hacking officer Marc Maiffret yesterday criticized Microsoft’s tardiness in issuing a patch (see separate article in this issue).
In a separate advisory, Microsoft warned of an “Important” patch for its Windows Internet Naming Service (WINS) software, to fix a vulnerability discovered by Qualys Inc. “Important” is Microsoft’s second-highest rank for security problems.
WINS maps IP addresses to NetBIOS addresses and vice versa. Gerhard Eschelbeck, CTO of Qualys, said the vulnerability, if exploited on the one server, could bring down the entire network of Windows machines that depended on it.
This article is based on material originally published by ComputerWire