Entry: eEyeŽ Digital Security Uncovers Dangerous Vulnerabilities in Microsoft Windows ASN Feb 13, 2004

Two critical security flaws were announced this week pertaining to Microsoft's ASN library. These vulnerabilities could significantly impact network security worldwide.

Systems Affected
All current versions of Microsoft Windows (e.g. Windows NT, XP, 2000) and Windows Server 2003.

Potential Impact
The ASN vulnerabilities uncovered by eEye could allow an attacker to overwrite heap memory with data, causing the execution of arbitrary code. These flaws can both be detected and exploited remotely and have the capability to cause serious damage if not immediately resolved. Since the ASN library is widely used by Windows security subsystems, the vulnerability is exposed through an array of authentication protocols. This makes these vulnerabilities more dangerous than previous flaws that spawned Nimda, Code Red and Sapphire worms. eEye and Microsoft have released detailed advisories to alert and inform Windows users of the need to immediately remediate vulnerable machines on their networks.

Severity: High (Remote Code Execution)
Because the ASN library is an industry standard used by Windows security subsystems, the vulnerability is exposed through several avenues, including Kerberos, NTLMv2 authentication, and applications that make use of certificates (SSL, digitally-signed email, signed ActiveX controls, etc.). This means that every Windows machine is vulnerable, unless it has been patched.


Protecting Against These Vulnerabilities
The most effective way to protect vulnerable systems is to apply the hotfix released by Microsoft. The hotfix remediates both vulnerabilities, and can be found here: http://www.microsoft.com/technet/security/bulletin/MS04-007.asp

RetinaŽ Network Security Scanner
Retina has been updated to check for the ASN.1 vulnerabilities. These checks are included in Retina versions 4.9.165 and higher. The following are the related vulnerability audits:

ASN.1 Vulnerability Could Allow Code Execution - NT4

ASN.1 Vulnerability Could Allow Code Execution - 2000

ASN.1 Vulnerability Could Allow Code Execution - XP

ASN.1 Vulnerability Could Allow Code Execution - 2003
Additional Information: eEye Security Bulletins
Microsoft ASN.1 Library Length Overflow Heap Corruption http://www.eeye.com/html/Research/Advisories/AD20040210.html

Microsoft ASN.1 Library Bit String Heap Corruption http://www.eeye.com/html/Research/Advisories/AD20040210-2.htm


Leave a Comment:


Homepage (optional)