|
Severity: High |
Microsoft ASN.1 Vulnerability
Overview: A vulnerability has been discovered in Microsoft Windows® Abstract Syntax Notation One (ASN.1). This vulnerability has been classified as "High Risk." Computer users should take action to patch vulnerable systems.
Date Published: February 12, 2004 Last Update: August 18, 2005
Impact: This vulnerability could allow a skilled attacker to execute code on the target system with elevated privileges. If successful, the attacker could install malicious code (worm, virus, Trojan horse), read confidential data, or take control of the target system.
Platforms Affected: Microsoft Windows operating systems: Windows NT 4, Windows 2000, Windows Server 2003 and Windows XP.
Description: Abstract Syntax Notation One (ASN.1) is widely used for many Microsoft products, applications and services. Because ASN.1 is widely used, many Microsoft applications and services could be targeted by an attacker. At least one exploit has been released which uses this vulnerability, computer users should apply the security patches listed below.
Zone Labs Products: To ensure the most comprehensive protection, computer users should employ ZoneAlarm® Plus or ZoneAlarm Pro. All Zone Labs security products including ZoneAlarm, our basic security product, protect the user's system from unauthorized access and intrusions, as well as alerting the user when malicious code attempts to access the network.
Recommended Actions
ZoneAlarm Plus and ZoneAlarm Pro Users:
- Install Microsoft patch 828028 to remove this vulnerability from the Windows operating system:
http://windowsupdate.microsoft.com
- Review Microsoft Security Bulletin MS04-007:
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS04-007.asp
ZoneAlarm Users:
- Install Microsoft patch 828028 to remove this vulnerability from the Windows operating system:
http://windowsupdate.microsoft.com
- Review Microsoft Security Bulletin MS04-007:
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS04-007.asp
Related Resources:
Contact: Zone Labs customers who are concerned about these vulnerabilities or have additional technical questions may reach our Technical Support group at: http://www.zonelabs.com/store/content/support/support.jsp. To report security issues with Zone Labs products contact security@zonelabs.com.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. Zone Labs and Zone Labs products, are registered trademarks of Zone Labs Incorporated. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners.
Copyright: ©2004-2005 Zone Labs LLC All rights reserved. Zone Labs, TrueVector, ZoneAlarm, and Cooperative Enforcement are registered trademarks of Zone Labs LLC The Zone Labs logo, Check Point Integrity and IMsecure are trademarks of Zone Labs LLC Check Point Integrity protected under U.S. Patent No. 5,987,611. Reg. U.S. Pat. & TM Off. Cooperative Enforcement is a service mark of Zone Labs LLC All other trademarks are the property of their respective owners.
Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Zone Labs. Reprinting the whole or part of this alert in any medium other than electronically requires permission from Zone Labs.
|