Alerts
About the Windows Messenger Services Vulnerability (MS03-043)
Date:
October 16, 2003
Severity:
Medium
Systems Affected:
Microsoft Windows NT 4.0 (including Terminal Server Edition)
Microsoft Windows 2000
Microsoft Windows XP (all SPs)
Microsoft Windows 2003
Overview:
Detection:
The full version of Retina Network Security scanner can already identify vulnerable machines. In addition to this security flaw, Retina detects over one thousand vulnerabilities to provide ongoing, comprehensive security audits for any network.
To customize a Retina policy to only look for this specific Windows Messenger Service vulnerability:
http://www.eeye.com/html/Products/Retina/index.html
Prevention:
eEye Digital Security is pleased to announce the release of a new lightweight Retina Scanner to detect the Microsoft Windows® Messenger vulnerability. eEye created the free single-audit utility for this particular vulnerability due to the critical nature of the flaw. This vulnerability may allow attackers to remotely execute arbitrary code on vulnerable systems with administrator privileges.
Download the FREE Retina Messenger Service Scanner here:
http://www.eeye.com/html/Research/Tools/MSGSVC.html
Note: This tool does not require domain administrator privileges to scan machine for the detection of vulnerable or unpatched machines.
This alert was last updated on October 16, 2003.
October 16, 2003
Severity:
Medium
Systems Affected:
Microsoft Windows NT 4.0 (including Terminal Server Edition)
Microsoft Windows 2000
Microsoft Windows XP (all SPs)
Microsoft Windows 2003
Overview:
Detection:
The full version of Retina Network Security scanner can already identify vulnerable machines. In addition to this security flaw, Retina detects over one thousand vulnerabilities to provide ongoing, comprehensive security audits for any network.
To customize a Retina policy to only look for this specific Windows Messenger Service vulnerability:
- Enable the "Windows Messenger Service Buffer Overflow" audit - NetBIOS section
- Enable the "Messenger Service A Security Hazard" audit - IP Services section
http://www.eeye.com/html/Products/Retina/index.html
Prevention:
eEye Digital Security is pleased to announce the release of a new lightweight Retina Scanner to detect the Microsoft Windows® Messenger vulnerability. eEye created the free single-audit utility for this particular vulnerability due to the critical nature of the flaw. This vulnerability may allow attackers to remotely execute arbitrary code on vulnerable systems with administrator privileges.
Download the FREE Retina Messenger Service Scanner here:
http://www.eeye.com/html/Research/Tools/MSGSVC.html
Note: This tool does not require domain administrator privileges to scan machine for the detection of vulnerable or unpatched machines.
This alert was last updated on October 16, 2003.
