Tuesday, August 23, 2005

Microsoft Security Response Center: New advisory posted

Via the MSRC Blog.

There's been a lot of concern about MS05-039 because of the recent attacks against unpatched Windows 2000 systems. On operating systems like Windows XP Service Pack 2 and Windows Server 2003, any attack trying to exploit MS05-039 would have to be local to the computer, and could not travel automatically across a network unless the attacker was already at the system. On Windows XP Service Pack 1, we detailed in the bulletin that the attack could travel across a network but would require authentication. We have seen no attacks that target Windows XP or Windows Server 2003.

However, we are now aware of a very narrow and limited case on Windows XP SP1 whereby an unauthenticated attack might be possible. It's pretty specific (and to reiterate, if you are on Windows XP SP2 or have applied MS05-039, you are not impacted by this). But in the interests of making sure people have the right information to assess their risk we are providing an advisory as a precaution.

The new scenario only impacts computers that have not been upgraded to SP2, are not part of a domain, are not protected by a firewall, have not applied MS05-039, and have enabled "Simple File and Print Sharing" in a home environment or in a workgroup. Under this circumstance, the "Guest" account on the computer would then be available to remote users.

Domain users of Windows XP SP1 aren't impacted by this scenario at all. This is very specific to the “Guest” account when “Simple File and Print Sharing” has been enabled on Windows XP SP1 in a home or workgroup environment.

There is no known attack that is seeking to exploit this scenario. Of course, if you are concerned about this, simply apply MS05-039, as we continue to urge everyone to do. Oh, and upgrade to SP2!

The technical details are provided in the security advisory located here:

http://www.microsoft.com/technet/security/advisory/906574.mspx

0 Comments:

Post a Comment

<< Home