Handler on Duty: Guy Bruneau
Threat Level: green
Published: 2003-09-23
OpenSSH Vulnerability (New)
*** IMPORTANT UPDATE: ***
**OpenSSH 3.7.1p2 was released on September 23rd.**
It fixes additional security problems. No details yet.
****************************
A vulnerability has been discovered in OpenSSH which also affects the recently released versions 3.7p1 and 3.7.1p1.
We highly recommend upgrading to the version 3.7.1p2 which was released this morning. The new version 3.7.1p2 fixes additional related issues in the PAM module, not covered in 3.7.1p1.
This new bug may be remotely exploited according to the recently released announcement: "Under a non-standard configuration, with privsep disabled". This bug may not be exploitable on some platforms (e.g. OpenBSD) but could be exploitable on others (e.g. Linux).
Currently, there is no widely available exploit.
Workaround for this new bug (also affects 3.7p1 and 3.7.1p1)
(*) Upgrade to Portable OpenSSH 3.7.1p2 or disable PAM support ("UsePam no" in sshd_config).
(*) Allow only trusted hosts to access port 22
(*) Enable the Privilege Separation feature. It is not clear if this will prevent the current exploit, but it is likely to make any compromise harder.
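The workaround list above can be checked per host with a short audit. This is an added example, not code from the diary or from the OpenSSH project: it takes a server's SSH identification banner and the text of its sshd_config, and reports which of the three workaround items still apply. `UsePrivilegeSeparation` is the sshd_config keyword for the Privilege Separation feature; the finding codes and the sample data are constructed for illustration.

```python
import re

# Versions the diary names as affected, and the release it recommends.
AFFECTED = {"3.7p1", "3.7.1p1"}
FIXED = "3.7.1p2"

def banner_version(banner):
    """Extract the OpenSSH version from an SSH identification string."""
    m = re.match(r"SSH-[\d.]+-OpenSSH_(\S+)", banner.strip())
    return m.group(1) if m else None

def effective_options(config_text):
    """Parse sshd_config text into {keyword: value}.

    Keywords are case-insensitive and sshd uses the FIRST value it
    obtains for a keyword, so a later 'UsePAM no' does not override
    an earlier 'usepam yes'.
    """
    opts = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2:
            opts.setdefault(parts[0].lower(), parts[1].strip().lower())
    return opts

def audit(banner, config_text):
    """Return finding codes (hypothetical names) for one host."""
    version = banner_version(banner)
    if version is None:
        return ["not-openssh"]
    if version == FIXED:
        return ["fixed"]
    if version not in AFFECTED:
        # The diary only names 3.7p1 and 3.7.1p1; anything else needs
        # the vendor advisory, not a guess.
        return ["unlisted-version"]
    findings = ["upgrade"]
    opts = effective_options(config_text)
    pam = opts.get("usepam")
    if pam != "no":
        findings.append("pam-enabled" if pam == "yes" else "pam-unset")
    privsep = opts.get("useprivilegeseparation")
    if privsep != "yes":
        findings.append("privsep-disabled" if privsep == "no" else "privsep-unset")
    return findings

# Constructed sample: the early lowercase 'usepam yes' wins over the
# later 'UsePAM no', so PAM is still enabled on this host.
SAMPLE_CONFIG = """\
# constructed sample sshd_config
Port 22
usepam yes
UsePrivilegeSeparation no
UsePAM no
"""

if __name__ == "__main__":
    print(audit("SSH-2.0-OpenSSH_3.7.1p1", SAMPLE_CONFIG))
```

Distribution packages may carry the fix without changing the banner, so treat an "upgrade" finding as a prompt to check the installed package against the vendor advisory. Unset keywords are reported separately because the result then depends on the compiled-in default.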
At the time of this writing, no major Linux distribution has released an official update.
OpenSSH is used in a number of devices sold by various vendors. Examples are Cisco and Juniper routers. We do not know at this point if these devices are vulnerable. Please contact your vendor for details.
Related links:
Portable OpenSSH Source:
ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
OpenSSH Web site:
http://www.openssh.org
OpenSSH Advisory:
http://www.openssh.com/txt/sshpam.adv
As always: Verify PGP signatures for any patches or files you download.
Relevant URLs for patches:
Linux:
Debian: http://www.debian.org/security/2003/dsa-382
Mandrake: http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:090
RedHat: http://www.redhat.com/apps/support/errata/
SUSE: http://www.suse.com/us/private/support/security/index.html (no ssh patch as of 19:30 EDT Sept. 16th)
Slackware: http://www.slackware.org
BSD:
FreeBSD: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:12.openssh.asc
NetBSD:
OpenBSD: http://www.openbsd.org/errata.html#sshbuffer
Please send additional relevant URLs to isc@sans.org
Not Vulnerable
Putty
ssh server from ssh.com
Published: 2003-09-16
OpenSSH Vulnerability (NEW)
*** IMPORTANT UPDATE: ***
**OpenSSH 3.7.1p2 was released on September 23rd.**
It fixes additional security problems. No details yet.
****************************
A vulnerability has been discovered in OpenSSH which also affects the recently released versions 3.7p1 and 3.7.1p1.
We highly recommend upgrading to the version 3.7.1p2 which was released this morning. The new version 3.7.1p2 fixes additional related issues in the PAM module, not covered in 3.7.1p1.
This new bug may be remotely exploited according to the recently released announcement: "Under a non-standard configuration, with privsep disabled". This bug may not be exploitable on some platforms (e.g. OpenBSD) but could be exploitable on others (e.g. Linux).
Currently, there is no widely available exploit.
Workaround for this new bug (also affects 3.7p1 and 3.7.1p1)
(*) Upgrade to Portable OpenSSH 3.7.1p2 or disable PAM support ("UsePam no" in sshd_config).
(*) Allow only trusted hosts to access port 22
(*) Enable the Privilege Separation feature. It is not clear if this will prevent the current exploit, but it is likely to make any compromise harder.
At the time of this writing, no major Linux distribution has released an official update.
OpenSSH is used in a number of devices sold by various vendors. Examples are Cisco and Juniper routers. We do not know at this point if these devices are vulnerable. Please contact your vendor for details.
Related links:
Portable OpenSSH Source:
ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
OpenSSH Web site:
http://www.openssh.org
OpenSSH Advisory:
http://www.openssh.com/txt/sshpam.adv
As always: Verify PGP signatures for any patches or files you download.
Relevant URLs for patches:
Linux:
Debian: http://www.debian.org/security/2003/dsa-382
Mandrake: http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:090
RedHat: http://www.redhat.com/apps/support/errata/
SUSE: http://www.suse.com/us/private/support/security/index.html (no ssh patch as of 19:30 EDT Sept. 16th)
Slackware: http://www.slackware.org
BSD:
FreeBSD: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:12.openssh.asc
NetBSD:
OpenBSD: http://www.openbsd.org/errata.html#sshbuffer
Please send additional relevant URLs to isc@sans.org
Not Vulnerable
Putty
ssh server from ssh.com
Published: 2003-09-11
Microsoft Windows RPCSS Vulnerability Update
Several groups are working on an exploit for this vulnerability. Expect a working exploit to be published and used within the next few days. We have compiled a set of PowerPoint slides for IT managers to illustrate the most important facts of this issue:
PDF: http://isc.sans.org/presentations/MS03-039.pdf
Power Point: http://isc.sans.org/presentations/MS03-039.ppt
This vulnerability is NOT PATCHED by the RPC DCOM patch (MS03-026)
The RPCSS patch (MS03-039) was made available on Sept. 10th (Wednesday). No patch prior to this date fixed this issue. While this is an RPC issue, it is a new issue, different from the one released in July.
You must patch as soon as possible
We expect an exploit in widespread use shortly. At this point, you should be able to patch while assuming that the machine has not yet been compromised. However, within a few days this may no longer be the case and you will have to validate the system's integrity.
The patch for MS03-039 (RPCSS) does include the July patch for MS03-026 (RPC DCOM).
Workarounds
There are two workarounds. You can avoid exploitation of this vulnerability by applying firewall rules, in particular if you are using a host-based ("personal") firewall. For network firewalls, make sure no hosts are moved into the same zone as unpatched machines. We recommend setting up a "laptop quarantine" to avoid the introduction of malware from outside the network.
In order to protect unpatched systems, you should close the following ports:
UDP 135, 137, 138, 445
TCP 135, 139, 445, 593
Other ports may be used as well, depending on additional components you may have installed. In particular, if you are using COM Internet Services (CIS) and RPC over HTTP, you need to close ports 80 and 443 inbound.
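The TCP and UDP lists above are not the same, so a filter written as one port range for both protocols can leave part of the list reachable. The following added example (not from the diary) evaluates a first-match inbound ruleset against the diary's port list and returns the entries that are not blocked. The rule tuple format `(action, protocol, ports)` and the sample ruleset are hypothetical, constructed for illustration; translate your firewall's own export into that shape.

```python
# Ports the diary says to close to protect unpatched systems.
ADVISORY_PORTS = {"udp": (135, 137, 138, 445), "tcp": (135, 139, 445, 593)}
# Extra inbound ports the diary names when CIS / RPC over HTTP is in use.
CIS_PORTS = (80, 443)

def parse_ports(spec):
    """'135-139,445' -> set of ints; 'any' -> None, meaning every port."""
    if spec == "any":
        return None
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def verdict(rules, default, proto, port):
    """First matching rule decides; otherwise the default policy applies."""
    for action, rule_proto, spec in rules:
        if rule_proto not in (proto, "any"):
            continue
        ports = parse_ports(spec)
        if ports is None or port in ports:
            return action
    return default

def still_open(rules, default="allow", cis=False):
    """Sorted (proto, port) pairs from the diary's list that are not denied."""
    wanted = {proto: set(ports) for proto, ports in ADVISORY_PORTS.items()}
    if cis:
        wanted["tcp"] |= set(CIS_PORTS)
    return sorted(
        (proto, port)
        for proto, ports in wanted.items()
        for port in ports
        if verdict(rules, default, proto, port) != "deny"
    )

# Constructed sample ruleset: blocks the NetBIOS range and TCP 445,
# but misses UDP 445 and TCP 593, and publishes a web server.
SAMPLE_RULES = [
    ("allow", "tcp", "80,443"),
    ("deny", "tcp", "135-139,445"),
    ("deny", "udp", "135-139"),
]

if __name__ == "__main__":
    for proto, port in still_open(SAMPLE_RULES, default="allow", cis=True):
        print("not blocked:", proto, port)
```

With a default-deny policy the same ruleset leaves only the explicitly allowed TCP 80 and 443 open, which matters only on hosts running CIS or RPC over HTTP.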
To disable RPC, see this article: http://support.microsoft.com/default.aspx?scid=kb;en-us;825750
Update Vulnerability Scanners
Scanners for the old RPC vulnerability will not recognize this new vulnerability, and may detect false positives for patched systems. Update to the most recent versions of your scanner.
Links and Further Information
Microsoft Bulletin (Consumer version):
http://www.microsoft.com/security/security_bulletins/ms03-039.asp
Microsoft Bulletin (Technical Details):
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-039.asp
Details about RPC:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/rpc/rpc/remote_procedure_calls_using_rpc_over_http.asp
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dndcom/html/cis.asp
Scanners:
Microsoft: http://support.microsoft.com/?kbid=827363
Qualys: http://www.qualys.com/RPCSS
eEye: http://www.eeye.com/html/Research/Tools/RPCDCOM.html
ISS: http://www.iss.net/support/product_utilities/Xfrpcss.php
Foundstone: http://www.foundstone.com/resources/scanning.htm
Symbolic.it (Italian and English): http://www.symbolic.it/Press/press_rpcheck2.html
Published: 2003-09-10
Microsoft RPCSS Vulnerability
Update: MS03-039 Briefing for senior IT managers
PDF: http://isc.sans.org/presentations/MS03-039.pdf
Power Point: http://isc.sans.org/presentations/MS03-039.ppt
In response to today's announcement of a new Microsoft Windows RPC vulnerability, we
raised the 'Infocon' to 'yellow' in order to alert users of the urgency to patch,
and to point out that this is a new issue not covered by any of the prior RPC
patches.
Microsoft released a new RPC-related advisory (MS03-039). This advisory discloses
a buffer overrun condition in the RPCSS service. This issue is not fixed by any
patch applied to remedy the RPC DCOM vulnerability.
For details, see:
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-039.asp
Published: 2003-09-09
Sobig-F hibernation
Today will be the last day for Sobig-F to propagate. While it will no
longer send e-mail to spread, Sobig-F will not uninstall and infected
systems continue to be vulnerable to future upgrades via the backdoor
installed by Sobig-F.
As a reminder: If you are using a virus scanner on your mail server,
please make sure that it does not send notifications to the senders
of infected e-mails. Most recently released worms, including Sobig,
use fake "From" headers. As a result, notification e-mails can flood
innocent bystanders and cause considerable pain to mail systems.
Based on Sobig's history, a new version may be released soon. Ensure
your users know not to click on ANY unsolicited attachments.
Recent Office vulnerabilities may open new vectors for viruses to
spread. Update vulnerable systems as soon as possible. The vulnerabilities
affect essentially all versions of Microsoft Office and Microsoft Works.
For Office updates see: http://office.microsoft.com/productupdates/
These patches will not be offered by Windows Update.
Published: 2003-09-05
Steps to Mitigate Office Vulnerabilities
Some of the vulnerabilities announced on Wednesday are easily exploited to
execute hostile code without users opening any attachments.
As patching is tricky, we provide these steps as a workaround. Please
do not substitute implementing these steps for patching. However, they may
help mitigate problems.
Proof of concept exploits for the vulnerability have been released to the
public. At this point, it is rather likely that this vulnerability will
be used as a vector to launch a virus or for targeted network intrusions.
The basic idea is to change the message format in Exchange to txt or html.
(In Exchange go to Tools, Options, Mail Format, Message Format.)
If this option is "Microsoft Word", any reply or forward with an infected
Word document in it can cause Word to open the infected document.
The default email editor in Office XP (Exchange) is Word.
To change which program starts when you open a file
1 In My Computer or Windows NT Explorer, click the View menu, and then
click Options.
2 Click the File Types tab.
3 In the list of file types, click the one you want to change.
The settings for that file type are shown in the File Type Details box.
4 Click Edit.
5 In the Actions box, click Open.
6 Click Edit, and then specify the program you want to use to open
files that have this extension.
Choose Word documents (and all other Word file types) and
change from Quick View to "Confirm open after download".
URL for Office Updates:
http://office.microsoft.com/productupdates/
Published: 2003-09-03
5 Microsoft Advisories
Microsoft released 5 new advisories today:
Most of these advisories require updates to Microsoft Office. In order to
download and install the patches, use this URL:
http://office.microsoft.com/productupdates/
The regular Windows Update service will not offer any Office patches. Make sure
you have your Microsoft Office CDs ready. The patch may require you to insert the CDs for Office, Frontpage and Visio. The exact CDs required vary from installation to installation.
This is a very brief summary to allow you to scan the issues. Please refer to the Microsoft bulletins for details.
MS03-34: Flaw in NetBIOS Could Lead to Information Disclosure
http://www.microsoft.com/technet/security/bulletin/MS03-034.asp
If a host responds to NetBIOS name queries, the packet is padded with content pulled from memory. If you are unlucky, this could be a password. The severity of this issue is rated low for all affected versions of Windows. Windows NT 4.0, NT 4.0 Terminal Server Edition, 2000, XP and 2003 are vulnerable.
The memory location is random and there is no obvious way for an attacker to control it.
MS03-35: Flaw in Microsoft Word Could Enable Macros to Run Automatically
http://www.microsoft.com/technet/security/bulletin/MS03-035.asp
This problem could allow an attacker to run Word macros and bypass various protection mechanisms. All versions of Word and Microsoft Works are affected and Microsoft considers this an "important" issue.
In order to execute a macro, the document has to be opened in Word. Alternative office suites like Open Office can be used. In general, it is not a good idea to open any attachment from an untrusted source. Digital signatures can be used to avoid 'From' spoofing.
MS03-36: Buffer Overrun in WordPerfect Converter Could Allow Code Execution
http://www.microsoft.com/technet/security/bulletin/MS03-036.asp
The WordPerfect converter included in Microsoft Office, Frontpage, Publisher and Works is susceptible to a buffer overflow. The attacker can execute arbitrary code as the user opening the file. Again, do not open attachments you don't trust.
MS03-37: Flaw in Visual Basic for Applications Could Allow Arbitrary Code Execution
http://www.microsoft.com/technet/security/bulletin/MS03-037.asp
MS03-38: Unchecked buffer in Microsoft Access Snapshot Viewer Could Allow Code Execution
http://www.microsoft.com/technet/security/bulletin/MS03-038.asp