TITLE:
Microsoft Windows WINS Service Two Vulnerabilities

SECUNIA ADVISORY ID:
SA36213

VERIFY ADVISORY:
http://secunia.com/advisories/36213/

DESCRIPTION:
Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.

1) An error in WINS (Windows Internet Name Service) when calculating a buffer length can be exploited to cause a heap-based buffer overflow via a specially crafted WINS network packet.

Successful exploitation allows execution of arbitrary code, but requires that WINS is installed (not default).

2) An integer overflow error in WINS when validating data structures in WINS network packets can be exploited to cause a heap-based buffer overflow.

Successful exploitation may allow execution of arbitrary code, but requires that WINS is installed (not default) and only affects Windows 2000 systems.

SOLUTION:
Apply patches.

Windows 2000 Server SP4:
http://www.microsoft.com/downloads/details.aspx?familyid=b5b9228a-66c0-49e6-afde-cc2825a6851f

Windows Server 2003 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=3a8d8ef9-ad41-4237-9cbb-daecfd8f216c

Windows Server 2003 x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=e132d051-4444-4ef1-9b6f-2d7da9d2e88e

Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=96c3f496-7b2f-4dbc-b484-216c9943c2b1

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Zero Day Initiative.
2) The vendor credits LiGen, National University of Defense Technology.

ORIGINAL ADVISORY:
MS09-039 (KB969883):
http://www.microsoft.com/technet/security/Bulletin/MS09-039.mspx
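
EXPOSURE CHECK (added example, not part of the Secunia advisory):
Both issues require the WINS service to be installed, and the fix is tracked as KB969883, so the check below reports per host whether the WINS service exists and whether that hotfix ID is listed. It assumes Windows PowerShell 5.1 on an admin workstation with remote SCM and WMI access; the host names are constructed placeholders and the function name is hypothetical.

```powershell
# Added example: triage hosts for the WINS issues fixed by MS09-039 (KB969883).
# Assumption: run from Windows PowerShell 5.1 (Get-Service -ComputerName is
# not available in PowerShell 6+). Host names below are constructed.
$Servers = @('wins01.example.test', 'dc02.example.test')
$Kb      = 'KB969883'   # patch identifier taken from the advisory

function Get-WinsExposure {
    param(
        [string[]]$ComputerName,
        [string]$HotFixId
    )
    foreach ($computer in $ComputerName) {
        $row = [pscustomobject]@{
            Computer      = $computer
            WinsInstalled = $null
            WinsStatus    = $null
            Patched       = $null
            Verdict       = 'Unknown'
        }
        try {
            # List all services, then filter: an unreachable host throws,
            # while a host without WINS simply returns nothing.
            $svc = Get-Service -ComputerName $computer -ErrorAction Stop |
                   Where-Object { $_.Name -eq 'WINS' }
            $row.WinsInstalled = [bool]$svc
            if (-not $svc) {
                $row.Verdict = 'Not exposed (WINS not installed)'
            } else {
                $row.WinsStatus = $svc.Status
                # Same pattern for hotfixes: WMI failure throws, absence is empty.
                $fix = Get-HotFix -ComputerName $computer -ErrorAction Stop |
                       Where-Object { $_.HotFixID -eq $HotFixId }
                $row.Patched = [bool]$fix
                $row.Verdict = if ($fix) { 'Patched' } else { "Needs $HotFixId" }
            }
        } catch {
            # Keep the host in the report so failed checks are not read as clean.
            $row.Verdict = "Check failed: $($_.Exception.Message)"
        }
        $row
    }
}

Get-WinsExposure -ComputerName $Servers -HotFixId $Kb |
    Format-Table Computer, WinsInstalled, WinsStatus, Patched, Verdict -AutoSize
```

Hosts reported as needing the KB should be confirmed by hand, since the check only looks for that one hotfix ID.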