Nuevo "exploit" para vulnerabilidad ASN.1

18/02/2004 - 12:51 por Ille Corvus | Informe spam
Fuente:
http://www.informationweek.com/stor...jsessionidFNEPLQARMMUQSNDBGCKHY?articleID700565

Hackers Circulate New Code For Exploiting Windows Feb. 17, 2004

The code targets systems that haven't been patched against the flaw in
Microsoft's Abstract Syntax Notation 1 library.
By Gregg Keizer, TechWeb News

Just days after Microsoft alerted users of a major vulnerability in
Windows, exploit code is widely circulating on the Internet, a
security expert said Tuesday.

The code targets systems that haven't been patched against the flaw in
Microsoft's Abstract Syntax Notation 1 (ANS.1) library, a
vulnerability that was discovered in July 2003 by eEye Digital
Security, but not made public until earlier this month.

The exploit code, first found on Feb. 14--four days after the
vulnerability was disclosed--is fully functional and can crash
compromised Windows machines, said Ken Dunham, director of malicious
code research at iDefense. By Tuesday, iDefense had spotted three
separate exploits for the ANS.1 vulnerability, all of them widespread
on multiple discussion groups and hacker Web sites.

"The widespread distribution of this new exploit code has
significantly increased the threat level for ASN.1 possible attacks,"
said Dunham. "It's far more likely that we will soon see hacking,
trojans, and worms emerge against this vulnerability now that exploit
code is widely available."

Although most large companies have already started to roll out patches
for the ANS.1 vulnerability and should wrap up the chore this week,
there will still be countless targets for the exploit code, said
Dunham.

The exploit code causes the Microsoft Local Security Authority
Subsystem process, run by LSASS.exe, to crash. It can be sent via
Server Message Blocks or NetBIOS sharing protocols listening on ports
445 or 139.


Breve Resumen:
Unos dias despues de que Microsoft alertara a los usuarios sobre una
vulnerabilidad IMPORTANTE en Windows, esta circulando por la red
Internet un nuevo "exploit". Por lo visto el parche contra la
vulnerabilidad de la biblioteca ASN.1 (Abstract Syntac Notation.1) de
Microsoft no esta del todo acabado, esta vulnerabilidad fue
descubierta en Julio de 2003 por la empresas de seguridad Digital
eEye.

El "Exploit" se encontro cuatro dias despues de que la vulnerabilidad
fuera hecha publica.

El "exploit" causa que el LSASS.exe (proceso local) se interrumpa.


Habla de otras muchas cosas, pero lo importante es que tengais un
cortafuegos instalado y estar al dia en las actualizaciones de
seguridad de vuestro proveedor.

Tambien como recomendacion un software antivirus instalado y
actualizado.




Ille Corvus. Hic et Nunc.

Meritorios de Filtrado (Kill-file):
jm tella llop (2003.10.25)
 

Leer las respuestas

#1 rex
18/02/2004 - 13:11 | Informe spam
para dar una noticia, primero hay que dcoumentarse, cosa
que nunca haces y solo cortas y pegas.

Si es por ignorancia, incluso se te puede perdonar: pero
un ignorante debe estar incapacitado. Si es por mala fe,
entonces tambien estas incpacitado para darlas.

HAY QUE RESALTAR:
http://support.microsoft.com/defaul...cid=kb;en-
us;828028

(pegar todo en un link para verlo).



Fuente:
http://www.informationweek.com/stor...e.jhtml;js


essionidFNEPLQARMMUQSNDBGCKHY?articleID700565

Hackers Circulate New Code For Exploiting Windows Feb.


17, 2004

The code targets systems that haven't been patched


against the flaw in
Microsoft's Abstract Syntax Notation 1 library.
By Gregg Keizer, TechWeb News

Just days after Microsoft alerted users of a major


vulnerability in
Windows, exploit code is widely circulating on the


Internet, a
security expert said Tuesday.

The code targets systems that haven't been patched


against the flaw in
Microsoft's Abstract Syntax Notation 1 (ANS.1) library, a
vulnerability that was discovered in July 2003 by eEye


Digital
Security, but not made public until earlier this month.

The exploit code, first found on Feb. 14--four days


after the
vulnerability was disclosed--is fully functional and can


crash
compromised Windows machines, said Ken Dunham, director


of malicious
code research at iDefense. By Tuesday, iDefense had


spotted three
separate exploits for the ANS.1 vulnerability, all of


them widespread
on multiple discussion groups and hacker Web sites.

"The widespread distribution of this new exploit code has
significantly increased the threat level for ASN.1


possible attacks,"
said Dunham. "It's far more likely that we will soon see


hacking,
trojans, and worms emerge against this vulnerability now


that exploit
code is widely available."

Although most large companies have already started to


roll out patches
for the ANS.1 vulnerability and should wrap up the chore


this week,
there will still be countless targets for the exploit


code, said
Dunham.

The exploit code causes the Microsoft Local Security


Authority
Subsystem process, run by LSASS.exe, to crash. It can be


sent via
Server Message Blocks or NetBIOS sharing protocols


listening on ports
445 or 139.


Breve Resumen:
Unos dias despues de que Microsoft alertara a los


usuarios sobre una
vulnerabilidad IMPORTANTE en Windows, esta circulando


por la red
Internet un nuevo "exploit". Por lo visto el parche


contra la
vulnerabilidad de la biblioteca ASN.1 (Abstract Syntac


Notation.1) de
Microsoft no esta del todo acabado, esta vulnerabilidad


fue
descubierta en Julio de 2003 por la empresas de


seguridad Digital
eEye.

El "Exploit" se encontro cuatro dias despues de que la


vulnerabilidad
fuera hecha publica.

El "exploit" causa que el LSASS.exe (proceso local) se


interrumpa.


Habla de otras muchas cosas, pero lo importante es que


tengais un
cortafuegos instalado y estar al dia en las


actualizaciones de
seguridad de vuestro proveedor.

Tambien como recomendacion un software antivirus


instalado y
actualizado.




Ille Corvus. Hic et Nunc.

Meritorios de Filtrado (Kill-file):
jm tella llop (2003.10.25)
.

Preguntas similares