Operating System:

[WIN]

Published:

07 February 2001

Protect yourself against future threats.

//Service

Incident Management

Whether it is proactive or reactive services you're after, we will help you detect, interpret and respond to attacks from across the globe.

Read more
Resources > Security Bulletins > ESB-2001.048 

-----BEGIN PGP SIGNED MESSAGE-----

===========================================================================
             AUSCERT External Security Bulletin Redistribution

          ESB-2001.048 -- Microsoft Security Bulletin (MS01-003)
              Patch Available for Winsock Mutex Vulnerability
                              8 February 2001

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:                Mutex
Vendor:                 Microsoft
Operating System:       Windows NT 4.0
                        Windows NT 4.0 Terminal Server Edition
Impact:                 Denial of Service
Access Required:        Local

- --------------------------BEGIN INCLUDED TEXT--------------------

- ----------------------------------------------------------------------
Title:          Patch Available for Winsock Mutex Vulnerability
Date:           24 January 2001
Software:       Microsoft Windows NT 4.0 and Windows NT 4.0 TSE
Impact:         Denial of Service
Bulletin:       MS01-003

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/ms01-003.asp
- ----------------------------------------------------------------------

Issue:
======
Like all other objects under Windows NT 4.0, mutexes -
synchronization objects that govern access to resources - have
permissions associated with them, that govern how they can be
accessed. However, a particular mutex used to govern access to a
networking resource has inappropriately loose permissions. This could
enable an attacker who had the ability to run code on a local machine
to monopolize the mutex, thereby preventing any other processes from
using the resource that it controlled. This would have the effect of
preventing the machine from participating in the network.

The attacker would require interactive logon access to the affected
machine. This significantly limits the scope of the vulnerability
because, if normal security recommendations have been followed,
unprivileged users will not be granted interactive logon rights to
critical machines like servers. Unprivileged users typically are
granted interactive logon rights to workstations and terminal
servers. However, a workstation would not be a tempting target for an
attacker, because he could only use this vulnerability to deny
service to himself. The machines most likely to be affected would be
terminal servers.

Mitigating Factors:
===================
 - The attacker would require interactive logon access to the
   affected machine.

Path Availability:
==================
 - A patch is available to fix this vulnerability. Please read
   Security Bulletin MS01-003 at:
   http://www.microsoft.com/technet/security/bulletin/ms01-003.asp
   for information on obtaining this patch.


Acknowledgment:
===============
 - Arne Vidstrom (http://ntsecurity.nu)

- ----------------------------------------------------------------------

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED
"AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT
SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY
DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION
OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO
THE FOREGOING LIMITATION MAY NOT APPLY.

- --------------------------END INCLUDED TEXT--------------------

This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.  The decision to use any or all of this information is
the responsibility of each user or organisation, and should be done so in
accordance with site policies and procedures.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the original authors to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

	http://www.auscert.org.au/Information/advisories.html

If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).

Internet Email: auscert@auscert.org.au
Facsimile:	(07) 3365 7031
Telephone:	(07) 3365 4417 (International: +61 7 3365 4417)
		AusCERT personnel answer during Queensland business hours
		which are GMT+10:00 (AEST).
		On call after hours for emergencies.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key

iQCVAwUBOoJtTyh9+71yA2DNAQGkbQP/cztOfd9xg2M3mat3SPkyMRLRA0NEvlj/
Gpbmms4lXic4Hif0ZEE7nWqPg0gW9XtsPsfhqBsZXlpf/tLAH+snLLivOjrQJE46
N2RlHEj+qXrB4z5F0GxoQUhnNo/zXwyORUBWxfTd04hq795GiPorkSmIofjGBXFS
flKi0qR+GiI=
=cKTF
-----END PGP SIGNATURE-----