TITLE:
Microsoft Windows Two Kerberos Vulnerabilities

SECUNIA ADVISORY ID:
SA16368

VERIFY ADVISORY:
http://secunia.com/advisories/16368/

CRITICAL:
Less critical

IMPACT:
Spoofing, Exposure of sensitive information, DoS

WHERE:
From local network

OPERATING SYSTEM:
Microsoft Windows XP Professional
http://secunia.com/product/22/
Microsoft Windows Server 2003 Web Edition
http://secunia.com/product/1176/
Microsoft Windows Server 2003 Standard Edition
http://secunia.com/product/1173/
Microsoft Windows Server 2003 Enterprise Edition
http://secunia.com/product/1174/
Microsoft Windows Server 2003 Datacenter Edition
http://secunia.com/product/1175/
Microsoft Windows 2000 Server
http://secunia.com/product/20/
Microsoft Windows 2000 Professional
http://secunia.com/product/1/
Microsoft Windows 2000 Datacenter Server
http://secunia.com/product/1177/
Microsoft Windows 2000 Advanced Server
http://secunia.com/product/21/

DESCRIPTION:
Two vulnerabilities have been reported in Microsoft Windows, which can
be exploited by malicious users to cause a DoS (Denial of Service),
reveal sensitive information, or impersonate other users.

1) An unspecified error in the handling of special Kerberos messages
allows malicious users to cause the domain controller to shut down.

This vulnerability only affects Microsoft Windows Server 2000 and
2003 systems that are configured as domain controllers.

2) An unspecified error in the handling of PKINIT transactions may
allow users to impersonate other users by conducting a MITM (Man In
The Middle) attack.

This only affects systems using SmartCard authentication.

SOLUTION:
Apply patches.

Microsoft Windows 2000 (requires SP4):
http://www.microsoft.com/downloads/details.aspx?FamilyId=4E34CD17-8710-4E22-8620-3B84139C18BB

Microsoft Windows XP (requires SP1 or SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=DD24F6FA-F6BB-4358-8C2F-7F6AB405981A

Microsoft Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=FB703DBD-3563-41FD-B608-361CC23796A5

Microsoft Windows Server 2003 (with or without SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=34E7CF41-C584-4071-A36F-DE19D0D04B97

Microsoft Windows Server 2003 for Itanium-based systems (with or
without SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=037CD6D6-11F7-4C44-9CFB-4B6D0B9B93CB

Microsoft Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=B86E688C-B668-4841-B961-7C5412C525EC

PROVIDED AND/OR DISCOVERED BY:
1) Tony Chin, Shell
2) Andre Scedrov, Iliano Cervesato, Aaron Jaggard, Joe-Kai Tsay, and
Chris Walstad

ORIGINAL ADVISORY:
MS05-042 (KB899587):
http://www.microsoft.com/technet/security/Bulletin/MS05-042.mspx