Home News Security Nortel Enterprise Response to Microsoft Security Bulletin MS09-064
Nortel Enterprise Response to Microsoft Security Bulletin MS09-064 PDF Print E-mail
Saturday, 14 November 2009 03:35
On Tuesday, November 10, Microsoft has released MS09-064 - Vulnerability in License Logging Server Could Allow Remote Code Execution (974783). This security update resolves a privately reported vulnerability in Microsoft Windows 2000. The vulnerability could allow remote code execution if an attacker sent a specially crafted network message to a computer running the License Logging Server. An attacker who successfully exploited this vulnerability could take complete control of the system. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Microsoft ratings for MS09-064: Maximum Severity Rating - Critical Impact of Vulnerability - Remote Code Execution Exploitability Index - 1 - Consistent exploit code likely. MS09-064 addresses the following CVEs: License Logging Server Heap Overflow Vulnerability - CVE-2009-2523 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2523) An unauthenticated remote code execution vulnerability exists in the way that the Microsoft License Logging Server software handles specially crafted RPC packets. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted network message to a computer running the License Logging service. An attacker who successfully exploited this vulnerability could take complete control of the system. Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories For more information: Please contact your next level of support or visit http://www.nortel.com/contact for support numbers within your region. Nortel security advisories: http://nortel.com/securityadvisories Nortel Partner Information Center (PIC) website: http://www.nortelnetworks.com/pic
Source : http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=977989&poid=  
< Prev   Next >
 
click here