Cisco & Microsoft Vulnerabilities Warning
Symantec Security Response - Cisco & Microsoft Vulnerabilities
Two serious new security vulnerabilities were announced yesterday affecting both the Microsoft Windows operating system and Cisco routing equipment. Due to the severity of these vulnerabilities and the importance of installing these security patches, Symantec has raised its DeepSight ThreatCon level from 1 to 2.
Microsoft Windows MSRPC Buffer Overflow Vulnerability
A new security vulnerability affecting the core part of the Microsoft Windows operating system was announced. It is a significant vulnerability because it does not require any prior authentication for an attacker to exploit it. To exploit this vulnerability, an attacker only needs to be able to connect to TCP port 135 on a vulnerable system. After successful exploitation, the attacker will have full access to the targeted system.
The vulnerability affects the following versions of the operating system:
Microsoft Windows NT 4.0
Microsoft Windows NT 4.0 Terminal Services Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Symantec recommends that administrators and users patch their systems immediately by going to the Microsoft Web site http://windowsupdate.microsoft.com.
Organisations and consumers are encouraged to implement firewalls to prevent systems from being compromised. Administrators can block TCP port 135 at the firewall to prevent systems that are behind the firewall from being attacked. Personal Firewall products can also assist in blocking traffic to this service.
Cisco Security Advisory: Cisco IOS Interface Blocked by IPv4 Packet
Cisco has published information regarding a denial of service vulnerability in Cisco IOS versions 11.x and 12.x. This vulnerability affects all Cisco hardware that runs a vulnerable IOS version and is configured to process IPv4 traffic. This is a serious vulnerability as it affects a significant number of infrastructure devices on both corporate and core Internet networks.
Full details and affected versions are available from Cisco at: http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
Specially crafted IPv4 packets with modified headers will trigger this issue. An affected device must be power cycled to regain normal functionality. Due to the critical nature of the affected Cisco devices, administrators are strongly urged to upgrade to the latest version of Cisco IOS as soon as possible.
Symantec Security Response will monitor any unusual activities through its 19,000 sensors and Security Operation Centers worldwide. We will continue to provide you with any updates.