Feb 12 2004
Please get patched!
Earlier this week Microsoft released a patch for a vulnerability in the ASN.1 library, and many experts are saying that this may be the single vulnerability ever discovered. This vulnerability affects all versions of Microsoft Windows based on the NT kernel, namely NT, 2000, XP and 2003. ASN.1 is used as a base library in many different modules in Windows, including Kerberos, NTLMv2, and IIS using SSL. Here are some links to information about the vulnerability.
- Microsoft Technical Bulletin MS04-007: ASN.1 Vulnerability Could Allow Code Execution. The stuff right from the horse's … mouth.
- eEye Security Advisory: These are the guys that discovered the vulnerability and reported it to Microsoft. Two hundred days before Microsoft fixed it, that is. Oh yeah, they have 7 more vulnerabilities they've told M$ about, and 5 of them are considered to be of high severity.
- SearchSecurity: An article about the possibilities from the vulnerability.
So get yourself patched!
One Response to “Please get patched!”
I’m still not sure there is a real reason to patch. The current exploit can do nothing more than a DoS. I agree, the position of the vulnerability in the Windows infrastructure is pretty critical, but what assures us that there won’t be another of that quality with a real exploit that allows remote code execution in the near future?
I’d hate to send our admins into a frenzy patching only to repeat this every second week…