TITLE:
Windows Remote Installation Service Writable Path
Vulnerability
SECUNIA ADVISORY ID:
SA23312
VERIFY ADVISORY:
http://secunia.c
om/advisories/23312/
CRITICAL:
Moderately critical
IMPACT:
System access
WHERE:
From local network
OPERATING SYSTEM:
Microsoft Windows 2000 Advanced Server
http://secunia.com/pro
duct/21/
Microsoft Windows 2000 Datacenter Server
http://secunia.com/p
roduct/1177/
Microsoft Windows 2000 Professional
http://secunia.com/prod
uct/1/
Microsoft Windows 2000 Server
http://secunia.com/pro
duct/20/
DESCRIPTION:
A vulnerability has been reported in Microsoft Windows,
which
can be
exploited by malicious people to compromise a vulnerable
system.
The vulnerability is caused due to the Remote Installation
Service
enabling a TFTP service, which by default allows anonymous
users to
upload malicious files or overwrite existing operating
system
files.
SOLUTION:
Apply patch.
Microsoft Windows 2000 SP4:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=0ed62db9-4534-4f27-a49
e-020c7a7d69e0
ORIGINAL ADVISORY:
MS06-077 (KB926121):
http://www.microsoft.com/technet/security/Bullet
in/MS06-077.mspx
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworks imagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
|