Microsoft Windows MS04-032 patch is not installed

win-ms04032-patch (17658) The risk level is classified as High Risk

Description:

The patch specified in Microsoft Security Bulletin MS04-032 is not installed, which could allow an attacker to exploit the following four vulnerabilities:

Microsoft Windows could allow a local attacker to gain elevated privileges on the system, caused by a vulnerability with certain Window Management application programming interface (API) functions. A local attacker could create a specially-crafted program that modifies the properties of another program that is running with a higher level of privilege, which could allow the attacker to gain elevated privileges.

Microsoft Windows could allow a local attacker to gain elevated privileges, caused by a vulnerability in the Virtual DOS Machine subsystem component. The Virtual DOS Machine (VDM) subsystem imitates MS-DOS and DOS-based Windows on Windows NT platforms. A local attacker could create an application to access protected kernel memory and execute arbitrary code with elevated privileges. This vulnerability is different than the vulnerability addressed in Microsoft Bulletin MS04-011.

Multiple versions of Microsoft Windows are vulnerable to a buffer overflow, caused by improper bounds checking when handling Enhanced Metafile (EMF) image formats. By creating a specially-crafted EMF image file containing malicious script, a remote attacker could overflow a buffer and execute arbitrary code on the system with privileges of the victim, once the file is opened. An attacker could exploit this vulnerability by hosting the malicious file on a Web site or by sending it to a victim as an HTML email. This vulnerability is different than the vulnerability addressed in Microsoft Bulletin MS04-011.

Microsoft Windows Server 2003 is vulnerable to a denial of service attack. The Windows kernel fails to properly reset certain values within specific CPU data structures. By creating and executing a specially-crafted program, a local attacker could cause the server to stop responding and automatically restart.

Platforms Affected:

  • Microsoft, Windows 2000 SP3
  • Microsoft, Windows 2000 SP4
  • Microsoft, Windows 2003 Server
  • Microsoft, Windows 2003 Server x64
  • Microsoft, Windows 98
  • Microsoft, Windows 98SE
  • Microsoft, Windows Me
  • Microsoft, Windows NT 4.0 SP6 Terminal Server
  • Microsoft, Windows NT 4.0 SP6a Server
  • Microsoft, Windows XP 2003 64-bit
  • Microsoft, Windows XP SP1
  • Microsoft, Windows XP SP1 64-bit
  • Microsoft, Windows XP

Remedy:

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS04-032. See References.

Consequences:

Gain Access

References:

  • BugTraq Mailing List, Tue Oct 12 2004 - 23:45:50 CDT, EEYE: Windows VDM #UD Local Privilege Escalation at http://archives.neohapsis.com/archives/bugtraq/2004-10/0108.html.
  • BugTraq Mailing List, Wed Oct 13 2004 - 18:13:34 CDT, SetWindowLong Shatter Attacks at http://archives.neohapsis.com/archives/bugtraq/2004-10/0113.html.
  • CIAC Information Bulletin P-008, Microsoft Security Update for Microsoft Windows (840987) at http://www.ciac.org/ciac/bulletins/p-008.shtml.
  • IBM Internet Security Systems X-Force Database, Microsoft Windows Server 2003 kernel CPU denial of service at http://xforce.iss.net/xforce/xfdb/16582.
  • IBM Internet Security Systems X-Force Database, Microsoft Windows Window Management API allows elevated privileges at http://xforce.iss.net/xforce/xfdb/16579.
  • IBM Internet Security Systems X-Force Database, Microsoft Windows Virtual DOS Machine (VDM) allows elevated privileges at http://xforce.iss.net/xforce/xfdb/16580.
  • IBM Internet Security Systems X-Force Database, Microsoft Windows Enhanced Metafile (EMF) buffer overflow at http://xforce.iss.net/xforce/xfdb/16581.
  • Microsoft Security Bulletin MS04-032, Security Update for Microsoft Windows (840987) at http://www.microsoft.com/technet/security/bulletin/ms04-032.mspx.
  • BID-11365: Microsoft Windows Kernel Local Denial of Service Vulnerability
  • BID-11369: Microsoft Windows Kernel Virtual DOS Machine Privilege Escalation Vulnerability
  • BID-11375: Microsoft Windows WMF/EMF Image Format Rendering Remote Buffer Overflow Vulnerability
  • BID-11378: Microsoft Window Management API Local Privilege Escalation Vulnerability
  • CVE-2004-0207: Shatter style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWindowLongPtr API functions.
  • CVE-2004-0208: The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
  • CVE-2004-0209: Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve an unchecked buffer.
  • CVE-2004-0211: The kernel for Microsoft Windows Server 2003 does not reset certain values in CPU data structures, which allows local users to cause a denial of service (system crash) via a malicious program.

Reported:

Oct 12, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net