
Windows ASN.1 Vulnerability

***Critical Vulnerability and Patch Announced***

Microsoft has released Microsoft Security Bulletin MS04-007, "ASN.1 Vulnerability Could Allow Code Execution (828028)." This critical vulnerability affects all Microsoft Windows devices and has the potential for widespread impact through arbitrary code execution via heap corruption.

Details:

The vulnerability is caused by an integer overflow condition associated with the length of ASN.1 (Abstract Syntax Notation One) packets. The ASN.1 library is used by many of the security and authentication services on Windows operating systems. Because ASN.1 is a standard for many applications and devices, there are many potential attack vectors. These include Kerberos, NTLMv2 authentication, and applications that use certificates, such as SSL, digitally signed e-mail, and signed ActiveX controls. Some well-known ports susceptible to this vulnerability include ports 135, 139, 443, 445, and 500. However, while specifically blocking these ports is good practice, this may not be feasible for many networks, and an exploit could also use many other vectors associated with third-party applications and other ports. If the vulnerability is properly exploited, a remote attacker could execute arbitrary code with system-level privileges.
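The following added example is not Microsoft's code and is not taken from the bulletin; it illustrates the general class of check that an ASN.1 (BER) length parser needs so that an attacker-supplied length cannot wrap an integer and defeat a bounds test. The function name `ber_read_header` and the single-byte-tag restriction are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Decode one BER tag/length header from buf[0..len) (single-byte tags only).
 * On success returns 0 and sets *hdr (header size) and *vlen (value length).
 * Returns -1 for any malformed, truncated or out-of-bounds length.
 * Hypothetical helper written for this example. */
int ber_read_header(const uint8_t *buf, size_t len, size_t *hdr, size_t *vlen)
{
    if (buf == NULL || hdr == NULL || vlen == NULL || len < 2)
        return -1;
    if ((buf[0] & 0x1f) == 0x1f)      /* high-tag-number form: not handled here */
        return -1;

    size_t pos = 1;
    uint8_t first = buf[pos++];
    size_t value_len = 0;

    if (first < 0x80) {               /* short form: length held in 7 bits */
        value_len = first;
    } else {
        size_t n = first & 0x7f;      /* long form: n length octets follow */
        if (n == 0)                   /* indefinite length: rejected here */
            return -1;
        if (n > sizeof(size_t))       /* cannot be represented: refuse, do not wrap */
            return -1;
        if (n > len - pos)            /* the length octets themselves are truncated */
            return -1;
        for (size_t i = 0; i < n; i++)
            value_len = (value_len << 8) | buf[pos++];
    }

    /* Compare against the bytes that remain. Writing this test as
     * (pos + value_len > len) can wrap when value_len is close to SIZE_MAX
     * and wrongly pass, which is the integer-overflow pattern to avoid. */
    if (value_len > len - pos)
        return -1;

    *hdr = pos;
    *vlen = value_len;
    return 0;
}
```

Callers should size any allocation or copy from `*vlen` only after this function returns 0.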

Solution:

There is much speculation at this time about how easy this vulnerability is to exploit and how soon exploit code will be publicly released. Due to the high publicity, the criticality if exploited, and the widespread distribution of affected software, SecureWorks recommends implementing a patch strategy that secures the most critical servers first. This involves patching all public-facing Windows devices first, followed by internal Windows servers, and finally all internal client systems. Microsoft has released a patch, available at Microsoft's site; the correct download depends on the operating system in use. Alternatively, system administrators can apply the patch via Windows Update. An added benefit of this method is that the Windows Update service will alert you to any critical patches that systems are currently lacking and that should be applied.
