lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030717065313.GA11248@grok.org.uk>
From: johnc at grok.org.uk (John Cartwright)
Subject: [contact@...-pl.net: Critical security vulnerability in Microsoft operating systems]

----- Forwarded message from Last Stage of Delirium <contact@...-pl.net> -----

Critical security vulnerability in Microsoft operating systems

Hello,

We have discovered a critical security vulnerability in all recent versions of 
Microsoft operating systems. The vulnerability affects default installations 
of Windows NT 4.0, Windows 2000, Windows XP as well as Windows 2003 Server. 

This is a buffer overflow vulnerability that exists in an integral component of 
any Windows operating system, the RPC interface implementing Distributed Component 
Object Model services (DCOM). In a result of implementation error in a function 
responsible for instantiation of DCOM objects, remote attackers can obtain 
unauthorized access to vulnerable systems.

The existence of the vulnerability has been confirmed by Microsoft Corporation. 
The appropriate security bulletin as well as fixes for all affected platforms 
are available for download from http://www.microsoft.com/security/ (MS03-026).

It should be emphasized that this vulnerability poses an enormous threat and  
appropriate patches provided by Microsoft should be immediately applied. 

We have decided not to publish codes or any technical details with regard to
this vulnerability at the moment.

With best regards,
Members of
The Last Stage of Delirium
Research Group

http://lsd-pl.net

----- End forwarded message -----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ