News Stay informed about the latest enterprise technology news and product updates.

Security Bytes: ISS warns of new Microsoft Windows flaw

Attackers could exploit the latest Microsoft Windows flaw to crash vulnerable machines. Meanwhile, Symantec fixes a Brightmail AntiSpam flaw.

ISS warns of new Microsoft Windows flaw
Multiple versions of Microsoft Windows are vulnerable to a NULL pointer dereference error in the server driver, which attackers could exploit to crash a system using a specially crafted network packet. Atlanta-based vendor Internet Security Systems' (ISS) X-Force uncovered the glitch and released details Friday in an advisory, warning that an exploit is available in the wild.

"Attackers can reliably cause Microsoft Windows to [go to a] blue screen," ISS said. "Users must reboot to recover from the crash … As of this writing no patch is available for the vulnerability."

ISS said the security hole affects:

  • Microsoft Windows 2000 SP4
  • Microsoft Windows Server 2003
  • Microsoft Windows Server 2003 Itanium
  • Microsoft Windows Server 2003 SP1
  • Microsoft Windows Server 2003 SP1 Itanium
  • Microsoft Windows Server 2003 x64 Edition
  • Microsoft Windows XP Pro x64 Edition
  • Microsoft Windows XP SP1
  • Microsoft Windows XP SP2

    Symantec fixes Brightmail AntiSpam flaw
    Cupertino, Calif.-based antivirus giant Symantec Corp. has fixed multiple flaws in its Brightmail AntiSpam product. Attackers could exploit the flaws to read or modify confidential system information, Symantec said in an advisory.

    "Symantec Brightmail AntiSpam fails to fully sanitize file names passed to the DATABLOB-GET / DATABLOB-SAVE requests of directory traversal sequences," Symantec said. "This directory traversal vulnerability could result in confidential system information being exposed."

    During the installation of email scanners, Symantec said three options are given for identifying the Brightmail AntiSpam control center that will control the scanner. The first option is a local control center. The second option is to identify the control center by its IP address, and the third option allows the control center to connect from any computer.

    Symantec said the third option could allow an attacker to impersonate the control center, exposing the following vulnerabilities:

  • The Brightmail AntiSpam service can be hung by sending invalid posts, causing a denial of service.
  • By combining with the directory traversal vulnerability, some system files can be read.
  • By combining with the directory traversal vulnerability, it is possible to overwrite existing files on the same drive as Symantec Brightmail AntiSpam.

    The solution is to upgrade to Symantec Brightmail AntiSpam version 6.0.4 or to Symantec Mail Security (SMS) for SMTP version 5.0.

  • Dig Deeper on Microsoft Patch Tuesday and patch management

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.