Guest
I had to restore the operating system, and when I re-installed MSN Messenger
this window came up with this info at www.updatepatch.info.
I didn't install it because they charge $19.99 to download it, but I found it
kind of strange that it isn't on the Windows website. Does anybody know if we
really need this patch?
Thanks
This is what the window that popped up said:
Buffer Overflow in Messenger Service Could Allow Code Execution /
Unexpected Computer Shutdown
Issued: June 10, 2005
Summary
Impact of Vulnerability: Remote Code Execution / Virus Infection /
Unexpected shutdowns
Maximum Severity Rating: Critical
Recommendation: Users running vulnerable version should install a patch
immediately
Caveats: None
Tested Software and Patch Download Locations:
Affected Software:
Microsoft Windows NT Workstation - Download a fix to patch this issue
Microsoft Windows NT - Download a fix to patch this issue
Microsoft Windows 2000 - Download a fix to patch this issue
Microsoft Windows XP - Download a fix to patch this issue
Microsoft Windows Win98 - Download a fix to patch this issue
Microsoft Windows Server 2003 - Download a fix to patch this issue
The software listed above has been tested to determine if the versions are
affected. Other versions are no longer supported, and may or may not be
affected.
Technical Description:
A security vulnerability exists in the Microsoft® Messenger Service that
could allow arbitrary code execution on an affected system. The vulnerability
results because the Messenger Service does not properly validate the length
of a message before passing it to the allocated buffer.
An attacker who successfully exploited this vulnerability could be able to
run code with Local System privileges on an affected system, or could cause
the Messenger Service to fail. The attacker could then take any action on the
system, including installing programs, viewing, changing or deleting data, or
creating new accounts with full privileges.
Mitigating factors:
Messages are delivered to the Messenger service via NetBIOS or RPC. If users
have blocked the NetBIOS ports (ports 137-139) - and UDP broadcast packets
using a firewall, others will not be able to send messages to them on those
ports. Most firewalls, including Internet Connection Firewall in Windows XP,
block NetBIOS by default.
Disabling the Messenger Service will prevent the possibility of attack.
On Windows Server 2003 systems, the Messenger Service is disabled by default.
Severity Rating:
Windows NT Critical
Windows Server NT 4.0 Terminal Server Edition Critical
Windows 2000 Critical
Windows XP Critical
Windows Server 2003 Moderate
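The quoted technical description blames a message length that is not validated before the message is copied into an allocated buffer. The C sketch below is an added example, not part of the original post and not Microsoft's Messenger Service code; it shows that bug class next to a length-checked version. The `net_msg` layout, `MSG_BUF_SIZE` and both function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MSG_BUF_SIZE 128  /* constructed size, not the real service's */

/* Hypothetical received message: a sender-declared length plus the bytes. */
struct net_msg {
    size_t declared_len;        /* taken from the packet, so untrusted */
    const unsigned char *body;  /* bytes read from the network */
    size_t received_len;        /* how many bytes were actually read */
};

/* Vulnerable pattern: trusts declared_len, so any value >= MSG_BUF_SIZE
 * writes past the end of out. Shown for contrast only. */
int display_unchecked(const struct net_msg *m, unsigned char out[MSG_BUF_SIZE]) {
    memcpy(out, m->body, m->declared_len);
    out[m->declared_len] = '\0';
    return (int)m->declared_len;
}

/* Hardened pattern: reject the message unless the declared length fits both
 * the data received and the destination (leaving room for the terminator). */
int display_checked(const struct net_msg *m, unsigned char out[MSG_BUF_SIZE]) {
    if (m == NULL || m->body == NULL)
        return -1;
    if (m->declared_len > m->received_len)  /* would read past the input */
        return -1;
    if (m->declared_len >= MSG_BUF_SIZE)    /* would write past out */
        return -1;
    memcpy(out, m->body, m->declared_len);
    out[m->declared_len] = '\0';
    return (int)m->declared_len;
}

int main(void) {
    unsigned char out[MSG_BUF_SIZE];
    unsigned char big[300];
    memset(big, 'A', sizeof big);           /* constructed oversized message */
    struct net_msg over = { sizeof big, big, sizeof big };
    struct net_msg ok = { 5, (const unsigned char *)"hello", 5 };
    printf("oversized: %d\n", display_checked(&over, out));
    printf("normal:    %d\n", display_checked(&ok, out));
    return 0;
}
```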