Blog.KtecTraining.com » Blog Archive » Microsoft Windows Server 2003 may have ‘critical’ flaw

Resources & News

Cisco Devices (4)
Internet Explorer (16)
IP Networking (3)
Microsoft Office (1)
Network Certifications (19)
- Cisco CCENT (2)
- Cisco CCNA (2)
- Cisco CCNP (2)
- CompTIA A+ (1)
- Microsoft MCITP (4)
- Microsoft MCSA (5)
- Microsoft MCSE (6)
- Microsoft MCTS (7)
News (307)
Online Study Tips (1)
Processors (1)
Windows 7 (164)
- Tools, Tips & Resources (39)
Windows Server 2003 (21)
Windows Server 2008 (26)
Windows Vista (80)
Windows XP (65)
Wireless Networks (2)

Google Ads

Articles, News and Computer Certification Resources

Ktec Training - Home

Registration:

Syndication:

RSS 2.0

Useful Sites & Blogs

Amazon Ads

Microsoft Windows Server 2003 may have ‘critical’ flaw

February 2nd, 2008 by Karen

Microsoft has confirmed a critical flaw could allow an attacker to take complete control of an affected system, once in control they could then install programs; view, change, or delete data; or create new accounts with full user rights. The vulnerability occurs if an “IP multicast group” is enabled, this listens for Internet Control Message Protocol (IGMP) queries.

ICMP has two main funtions, first it carries requests and reply data for diagnostic programs like the PING command, it also provides error reporting services for intermediate systems

Microsoft has released a critical security update for all supported editions of Windows XP, Windows Vista and an important security update for all supported editions of Windows Server 2003, this includes Small Business Server (SBS) 2003.

The security bulletin MS08-001 is available on the Microsoft web site and was released early in January this year, however, Microsoft modified this bulletin on 23 January 2008 to acknowledge that SBS 2003 is also vulnerable and then again on 25 January 2008 to add Windows Home Server to the documentation. For more information, see the security bulletin subsection: “Affected and Non-Affected Software”.

To try and explain the vulnerability, let us look at Server 2003, this enables multicast group 224.0.0.1 by default, which represents all the computers on your local subnet, any ICMP queries to that group are ignored. However, various applications can enable other ICMP queries, meaning that a computer is vulnerable to exploitation. For example: SBS Server 2003 includes Exchange Server 2003, which runs WINS (Windows Internet Naming Service). That, in turn, enables the kind of ICMP queries that are open to hackers.

For more information, read the blog entry by Microsoft Security Vulnerability Research & Defense (SVRD) regarding the differences in multicast groups.

To test whether a server is currently vulnerable, open a command prompt and enter the following command:

NETSH INT IP SHOW JOINS

This command will show the multicast groups to which the server is joined. If any multicast group other than 224.0.0.1 is listed in the output of the command, the server is open to attack. This vulnerability is eliminated by installing security bulletin MS08-001.

Posted in News, Windows Server 2003, Windows Vista, Windows XP | No Comments »

You MUST register on this site to post a comment

Please Note: All comments will be screened and require my authorisation before publishing.

Spam will be deleted.

Please use the form below to post your comment: