Information Security
INFOSEC ADVISORY: critical Windows NT4/2000/XP/2003 vulnerability
by Chris Russel
Please be advised that there is a known vulnerability in virtually all
installations of Windows NT4, 2000, XP, and 2003. This is the type of
vulnerability that is likely to be incorporated into a future network
virus/worm. Microsoft has released a patch to correct the problem, and it
is recommended that the patch be applied to all systems as soon as
possible. The patches are available via Windows Update.
Microsoft severity rating: Critical
Remote exploitation of the vulnerability is possible, and results in the
ability to run code with Local System privileges on the affected system.
Systems affected: All versions of Windows NT4, 2000, XP, 2003
Original Microsoft advisory (updated July 21st):
http://microsoft.com/technet/security/bulletin/MS03-026.asp
The patches are available from Windows Update, or see the Microsoft
advisory for links to individual patches for each affected version of
Windows.
Note: Although the Microsoft advisory recommends blocking access to ports
135, 139, and 445 as a workaround in lieu of the patch, there is some
recent evidence that this is not sufficient.
Contact information
General inquiries: infosec@yorku.ca
Network and computer abuse reports: abuse@yorku.ca
Email spam reports: antispam@yorku.ca