=====================================================================
CERT-Renater

Information Note No. 2009/VULN453
_____________________________________________________________________

DATE                 : 12/11/2009

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Windows 2000 Server running License Logging Server.

======================================================================
KB974783
http://www.microsoft.com/technet/security/bulletin/ms09-064.mspx
______________________________________________________________________

Microsoft Security Bulletin MS09-064 - Critical

Vulnerability in License Logging Server Could Allow Remote Code
Execution (974783)

Published: November 10, 2009

Version: 1.0

General Information

Executive Summary

This security update resolves a privately reported vulnerability in
Microsoft Windows 2000. The vulnerability could allow remote code
execution if an attacker sent a specially crafted network message to a
computer running the License Logging Server. An attacker who
successfully exploited this vulnerability could take complete control
of the system. Firewall best practices and standard default firewall
configurations can help protect networks from attacks that originate
outside the enterprise perimeter.

This security update is rated Critical for Microsoft Windows 2000. For
more information, see the subsection, Affected and Non-Affected
Software, in this section.

The security update addresses the vulnerability by changing the way
the License Logging service validates a specific field inside the RPC
packet. For more information about the vulnerability, see the
Frequently Asked Questions (FAQ) subsection for the specific
vulnerability entry under the next section, Vulnerability Information.

Affected Software

Microsoft Windows 2000 Server Service Pack 4

Vulnerability Information

License Logging Server Heap Overflow Vulnerability - CVE-2009-2523

An unauthenticated remote code execution vulnerability exists in the
way that the Microsoft License Logging Server software handles
specially crafted RPC packets. An attempt to exploit the vulnerability
would not require authentication, allowing an attacker to exploit the
vulnerability by sending a specially crafted network message to a
computer running the License Logging service. An attacker who
successfully exploited this vulnerability could take complete control
of the system.

======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 151 bd de l'Hopital | fax : 01-53-94-20-41            +
+ 75013 Paris         | email: certsvp@renater.fr       +
=========================================================