=====================================================================
                                  CERT-Renater

                       Information Note No. 2005/VULN070
_____________________________________________________________________

DATE                      : 09/02/2005

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows NT Server 4.0, Windows 2000,
                             Windows Server 2003.

======================================================================

MS05-010
Title:  Vulnerability in the License Logging Service Could Allow Code
Execution (885834)

Affected Software:
  - Microsoft Windows NT Server 4.0 Service Pack 6a
  - Microsoft Windows NT Server 4.0 Terminal Server Edition Service
Pack 6
  - Microsoft Windows 2000 Server Service Pack 3 and Microsoft Windows
2000 Server Service Pack 4
  - Microsoft Windows Server 2003
  - Microsoft Windows Server 2003 for Itanium-based Systems

Non-Affected Software:
  - Microsoft Windows 2000 Professional Service Pack 3 and Microsoft
Windows 2000 Professional Service Pack 4
  - Microsoft Windows XP Service Pack 1 and Microsoft Windows XP
Service Pack 2
  - Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
  - Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
  - Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE),
and Microsoft Windows Millennium Edition (ME)

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Restart required: This update does not require a restart. The
installer stops the required services, applies the update, and then
restarts the services. However, if the required services cannot be
stopped for any reason, or if required files are being used, this
update will require a restart. If this behavior occurs, a message
appears that advises you to restart. To help reduce the chance that a
reboot will be required, stop all affected services and close all
applications that may use the affected files prior to installing the
security update.

Update can be uninstalled: Yes

More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS05-0010.mspx

I am still using Windows NT Server 4.0 Service Pack 6a or Windows NT
Server 4.0 Terminal Server Edition Service Pack 6 but extended
security update support ended on December 31st, 2004. However, this
bulletin has security updates for these operating system versions.
Why is that?

Windows NT Server 4.0 Service Pack 6a and Windows NT Server 4.0
Terminal Server Edition Service Pack 6 reached the end of their life
cycles on December 31, 2004. On this rare occasion, we believe that
this vulnerability presents a serious risk to a broad number of
customers. We have previously communicated that we reserve the right
to produce updates in these situations. We determined that the best
course of action to help protect customers was to release this
security update. Therefore, we have decided to release a security
update for this operating system version as part of this security
bulletin. However, since Windows NT Server 4.0 is no longer in
support, this security update will only be available on the Microsoft
Download Center and will not be available through Windows Update.
We do not anticipate doing this for future vulnerabilities that may
affect this operating system version, but as mentioned previously, we
reserve the right to produce updates and to make these updates
available when necessary. It should be a priority for customers who
have this operating system version to migrate to supported operating
system versions to prevent potential exposure to vulnerabilities. For
more information about the Windows Service Pack Product Life Cycle,
visit the Microsoft Support Lifecycle Web site. For more information
about the Windows Product Life Cycle, visit the Microsoft Support
Lifecycle Web site.

======================================================================

         =========================================================
         CERT-Renater reference servers
         http://www.urec.fr/securite
         http://www.cru.fr/securite
         http://www.renater.fr
         =========================================================
         + CERT-RENATER          | tel : 01-53-94-20-44          +
         + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
         + 75013 Paris           | email: certsvp@renater.fr     +
         =========================================================








