Microsoft Security Bulletin MS04-007

I did some search (not too difficult) on my previous post and yes a patch has been launched today. But not yet on automatic update. check the Start menu on your PC and ask for windows Update

ASN.1 Vulnerability Could Allow Code Execution (828028)

Issued: February 10, 2004
Version Number: 1.0

Summary

Who should read this document: Customers who are using Microsoft® Windows®

Impact of vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Systems administrators should apply the update immediately.

Security Update Replacement: None

Caveats: Windows NT 4.0 (Workstation, Server, and Terminal Server Edition) does not install the affected file by default. This file is installed as part of the MS03-041 Windows NT 4.0 security update and other possible non-security-related hotfixes. If the Windows NT 4.0 security update for MS03-041 is not installed, this may not be a required update. To verify if the affected file is installed, search for the file named Msasn1.dll. If this file is present, this security update is required. Windows Update, Software Update Services, and the Microsoft Security Baseline Analyzer will also correctly detect if this update is required.

Tested Software and Security Update Download Locations:

Affected Software:

Tested Microsoft Windows Components:

Affected Components:

  • Microsoft ASN.1 Library

 

2 Comments

  • Yeah I just patched my online box 5 minutes after I received the patching-tuesday email from MS :) At first I thought... I don't run ASN using services on teh box, but then again I thought... what if there is something under the hood using this... ah well.. there went the uptime, but better safe than sorry :)

  • Even worse, according to slashdot, MS knew about this bug for 6 (six) months... oops...

Comments have been disabled for this content.