Symantec Security Response - Cisco & Microsoft Vulnerabilities
Two serious new security vulnerabilities were announced yesterday affecting both the Microsoft Windows operating system
and Cisco routing equipment. Due to the severity of these vulnerabilities and the importance of installing these
security patches, Symantec has raised its DeepSight ThreatCon level from 1 to 2.
Microsoft Windows MSRPC Buffer Overflow Vulnerability
A new security vulnerability affecting a core part of the Microsoft Windows operating system was announced. It is a
significant vulnerability because an attacker does not need any prior authentication to exploit it. The attacker only
needs to be able to connect to TCP port 135 on a vulnerable system. Once the vulnerability is exploited, the attacker
will have full access to the targeted system.
The vulnerability affects the following versions of the operating system:
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 Terminal Services Edition
- Microsoft Windows 2000
- Microsoft Windows XP
- Microsoft Windows Server 2003
Symantec recommends that administrators and users patch their systems immediately by going to the Microsoft Web site http://windowsupdate.microsoft.com.
Organisations and consumers are encouraged to implement firewalls to prevent systems from being compromised.
Administrators can block TCP port 135 at the firewall to prevent systems that are behind the firewall from being
attacked. Personal firewall products can also assist in blocking traffic to this service.
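A block on TCP port 135 only protects the hosts behind the firewall if it is the rule that actually decides the traffic. The following added example (not part of the Symantec advisory) evaluates a constructed rule list top-down with first-match-wins semantics, in a hypothetical rule format, and flags a deny on TCP/135 that is shadowed by an earlier, broader permit.

```python
# Added example: hypothetical rule format and constructed rule sets, not any vendor's syntax.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str   # "permit" or "deny"
    proto: str    # "tcp", "udp", or "ip" meaning any protocol
    port_lo: int  # inclusive destination port range
    port_hi: int

def matches(rule, proto, port):
    """True if the rule applies to this protocol and destination port."""
    return rule.proto in (proto, "ip") and rule.port_lo <= port <= rule.port_hi

def audit_port(rules, proto="tcp", port=135, default="deny"):
    """Evaluate rules top-down (first match wins) for inbound proto/port."""
    decided_by = next((i for i, r in enumerate(rules) if matches(r, proto, port)), None)
    action = rules[decided_by].action if decided_by is not None else default
    shadowed = []
    if action == "permit" and decided_by is not None:
        # Deny rules for this port placed below the deciding permit never take effect.
        shadowed = [i for i, r in enumerate(rules)
                    if i > decided_by and r.action == "deny" and matches(r, proto, port)]
    return {"blocked": action == "deny", "decided_by": decided_by,
            "shadowed_denies": shadowed}

# Weak ordering: the broad permit for low ports is matched before the deny on 135.
WEAK = [Rule("permit", "tcp", 1, 1023), Rule("deny", "tcp", 135, 135)]
# Corrected ordering: the specific deny comes first.
FIXED = [Rule("deny", "tcp", 135, 135), Rule("permit", "tcp", 1, 1023)]
# No rule mentions 135: the outcome depends entirely on the default policy.
WEB_ONLY = [Rule("permit", "tcp", 80, 80)]

if __name__ == "__main__":
    for name, rules in (("weak", WEAK), ("fixed", FIXED), ("web-only", WEB_ONLY)):
        print(name, audit_port(rules))
```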
Cisco Security Advisory: Cisco IOS Interface Blocked by IPv4 Packet
Cisco has published information regarding a denial of service vulnerability in Cisco IOS versions 11.x and 12.x. This
vulnerability affects all Cisco hardware that runs a vulnerable IOS version and is configured to process IPv4 traffic.
This is a serious vulnerability as it affects a significant number of infrastructure devices on both corporate and core
Internet networks.
Full details and affected versions are available from Cisco at: http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
Specially crafted IPv4 packets with modified headers will trigger this issue. An affected device must be power cycled
to regain normal functionality. Due to the critical nature of the affected Cisco devices, administrators are
strongly urged to upgrade to the latest version of Cisco IOS as soon as possible.
Symantec Security Response will monitor any unusual activities through its 19,000 sensors and Security Operation Centers
worldwide. We will continue to provide you with any updates.