—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Liebe Kolleginnen und Kollegen,

soeben erreichte uns nachfolgende Warnung des Microsoft Product Security
Notification Service. Wir geben diese Informationen unveraendert an Sie
weiter.

CVE-2011-1984 – Schwachstelle in Microsoft WINS

Eine Schwachstelle bei der Verarbeitung von Paketen im Microsoft
DNS-Server WINS erlaubt es hoehere Privilegien zu erhalten. Dadurch ist
es einem lokalen Angreifer schlimmstenfalls moeglich, mittels eines
speziell praeparierten Pakets, das an das Loopback-Interface (localhost)
gesendet wird, beliebigen Code auf dem System zur Ausfuehrung zu
bringen. Hinweis: Ein Beispiel-Exploit wurde veroeffentlicht.

Betroffen sind die folgenden Software Pakete und Plattformen:

Windows Internet Name Service (WINS)

Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 mit SP2 fuer Itanium-basierte Systeme
Windows Server 2008 fuer 32-bit Systeme Service Pack 2
Windows Server 2008 fuer x64-basierte Systeme Service Pack 2
Windows Server 2008 R2 fuer x64-basierte Systeme
Windows Server 2008 R2 fuer x64-basierte Systeme Service Pack 1

Vom Hersteller werden ueberarbeitete Pakete zur Verfuegung gestellt.

(c) der deutschen Zusammenfassung bei DFN-CERT Services GmbH; die
Verbreitung, auch auszugsweise, ist nur unter Hinweis auf den Urheber,
DFN-CERT Services GmbH, und nur zu nicht kommerziellen Zwecken
gestattet.

Mit freundlichen Gruessen,
Timo Schulz

– —
Timo Schulz, M.Sc. (Incident Response Team)

DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-590
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski

Automatische Warnmeldungen: https://www.cert.dfn.de/autowarn

– —–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2011.0933
Vulnerability in WINS Could Allow Elevation of Privilege
14 September 2011

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: Windows Internet Name Service (WINS)
Publisher: Microsoft
Operating System: Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Impact/Access: Increased Privileges — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2011-1984

Original Bulletin:
http://technet.microsoft.com/en-us/security/bulletin/ms11-070

– – ————————–BEGIN INCLUDED TEXT——————–

Microsoft Security Bulletin MS11-070 – Important
Vulnerability in WINS Could Allow Elevation of Privilege (2571621)
Published: Tuesday, September 13, 2011
Version: 1.0

General Information

Executive Summary

This security update resolves a privately reported vulnerability in the
Windows Internet Name Service (WINS). The vulnerability could allow
elevation of privilege if a user received a specially crafted WINS
replication packet on an affected system running the WINS service. An
attacker must have valid logon credentials and be able to log on
locally to exploit this vulnerability.

This security update is rated Important for servers running supported
editions of Windows Server 2003, Windows Server 2008 (except Itanium),
and Windows Server 2008 R2 (except Itanium), on which WINS is
installed. For more information, see the subsection, Affected and
Non-Affected Software, in this section.

Affected Software

Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2*
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1

Vulnerability Information

WINS Local Elevation of Privilege Vulnerability – CVE-2011-1984

An elevation of privilege vulnerability exists in WINS, allowing
arbitrary code to be executed in the context of the local system. The
vulnerability is caused when the WINS server improperly processes a
sequence of specially crafted packets received on the loopback
interface. A local attacker who successfully exploited this
vulnerability could execute arbitrary code and take complete control of
an affected system. The attacker could then install programs; view,
change, or delete data; or create new accounts with full user rights.

– – ————————–END INCLUDED TEXT——————–

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
– —–BEGIN PGP SIGNATURE—–
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBTm/uPu4yVqjM2NGpAQKb9Q/9FAMC1eS3NbUCtw5wt5yfsGoehB1i3YQH
jlInkzgJIsH1VNohojR8kcjyr5Y0QI3nGNtHat0KinPAYml65CxBFkewt/bJHzXz
wTf1CQQjsWpgKAXzXaUodfnny+cInuWhGVVXIC/UhxfmxRB7Uu2s6WnG4lWZyH5d
Jv1skG/a+1a1meZUaqkUP487aleeyn8SdhKb1dA/69lTSLVyjz0wzS8rMhm9VB9h
o/sio4Y9JgQA7a/mH2L+Tu9MTXKzhdz8wMfIbaOibsii5akMq0mmxy6wWkWxh2N2
CDFxoVVniuAkwrZzg87wBL6iQ5ufJwufx/gUsc0YDrIyQH/aRujtNvB92imPnV6H
u0eBfpsWgkUMjQ/J7DPF1wvrPrX81of8yFecJW3Z+XG35YePfGWTW3ZWEb/9EyIc
OiCi+Uys341en6BYBZnrwnjt3yJZBstt/tx/6l4D7qihCO3iAbHLPMaNEhPizuGY
6Pz37+lAO8IyJKzS4Dh/NrWBv556vxkfqXlgh9NKiF4aVqNQm3TFdAOAsdwOB9Qd
vdHgDZdHI/X5xAQCYNgTt37zRLCIYkGvB8JXVBdcc84mcu/BHxo7gbrFLLEvC62K
qCk5ST+RbJ/6k/QkRIFqh8cewa2xR1aWLPdvEvcZW+8hlL/0BNa22zeUkmBRIL50
j9veUM4HhdY=
=jQpo
– —–END PGP SIGNATURE—–
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2.0.16 (GNU/Linux)

iQEcBAEBAgAGBQJOcHHuAAoJEJtyb8U7iGZBJ7cH+gJK4FW6s/RHZpRYDi3xbbtZ
nXmv65tboYjbl5Ean8FuWrI5SwzrgHgHvPD8J8uxNSt6Xg1fadzBSRvfjjhBrxCP
urWUYBrAHcpiPECqKFHaOz65rognjSHlL4/8v1trFB7p93Qmw7on8hWiMLqv7h/A
o3sVMV+xah7GZ2VLRNv2ksCE6Ea9BvEEdL2hz0z25xxPbPtrPpzX16bUicCT8pL8
hbt6MetxDa565zp8V2aA/mFAwSxqI3ixiF8f6iAqmVEbWhS+hSUgSCoalZNI/9A0
Wfjozs4makQPu56J6t6HpSTjQewahG5BEq9cd2jHhAfKpIpCScLZugvSX9s43cM=
=bA9U
—–END PGP SIGNATURE—–