Behrooz_Ice
10-21-2003, 08:07 PM
Current Version: 1.0.0
Release Date: October 17, 2003
The Retina Messenger Service Vulnerability Scanner is a tool created by eEye that is able to scan up to 256 IP addresses at once to determine if any are vulnerable to the recent Microsoft Windows Messenger Service flaw (MS03-043). If an IP address is found to be vulnerable, then the Retina Messenger Service Vulnerability Scanner will flag that IP address.
This tool does not require administrative privileges on the scanned machines in order to determine if the systems are vulnerable.
Note: Version 1.0.0 does not detect Windows NT4.
To Eliminate the Microsoft Windows Messenger Service Vulnerability From Your Systems
Microsoft has released a Hotfix that includes a patch for this vulnerability. The patch and security bulletin on this vulnerability can be found at:
[Only registered and activated users can see links]
============================================
About the Messenger Service Vulnerability
Microsoft recently released Security Bulletin MS03-043, which details a buffer overflow flaw in the Windows Messenger Service. This service in question is the default setting on all Windows NT, 2000 and XP desktops and servers. The Windows Messenger Service is unrelated to the MSN Instant Messenger program.
This vulnerability may allow attackers to remotely execute arbitrary code on unprotected systems with administrator privileges.
The new vulnerability is a buffer overflow associated with Windows Messenger Service and impacts Windows NT, Windows 2000, and Windows XP desktops and servers. Exploitation could result in a denial of service or in execution of malicious code in Local System context, potentially allowing for full system compromise.
An attacker who successfully exploits this vulnerability could be able to run code with Local System privileges on an affected system, or could cause the Messenger Service to fail. The attacker could then take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges. This vulnerability identifier is CAN-2003-0717.
Versions affected:
Microsoft Windows NT 4.0 (including Terminal Server Edition)
Microsoft Windows 2000
Microsoft Windows XP (all SPs)
Microsoft Windows 2003
Release Date: October 17, 2003
The Retina Messenger Service Vulnerability Scanner is a tool created by eEye that is able to scan up to 256 IP addresses at once to determine if any are vulnerable to the recent Microsoft Windows Messenger Service flaw (MS03-043). If an IP address is found to be vulnerable, then the Retina Messenger Service Vulnerability Scanner will flag that IP address.
This tool does not require administrative privileges on the scanned machines in order to determine if the systems are vulnerable.
Note: Version 1.0.0 does not detect Windows NT4.
To Eliminate the Microsoft Windows Messenger Service Vulnerability From Your Systems
Microsoft has released a Hotfix that includes a patch for this vulnerability. The patch and security bulletin on this vulnerability can be found at:
[Only registered and activated users can see links]
============================================
About the Messenger Service Vulnerability
Microsoft recently released Security Bulletin MS03-043, which details a buffer overflow flaw in the Windows Messenger Service. This service in question is the default setting on all Windows NT, 2000 and XP desktops and servers. The Windows Messenger Service is unrelated to the MSN Instant Messenger program.
This vulnerability may allow attackers to remotely execute arbitrary code on unprotected systems with administrator privileges.
The new vulnerability is a buffer overflow associated with Windows Messenger Service and impacts Windows NT, Windows 2000, and Windows XP desktops and servers. Exploitation could result in a denial of service or in execution of malicious code in Local System context, potentially allowing for full system compromise.
An attacker who successfully exploits this vulnerability could be able to run code with Local System privileges on an affected system, or could cause the Messenger Service to fail. The attacker could then take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges. This vulnerability identifier is CAN-2003-0717.
Versions affected:
Microsoft Windows NT 4.0 (including Terminal Server Edition)
Microsoft Windows 2000
Microsoft Windows XP (all SPs)
Microsoft Windows 2003