In-Depth
eEye Digital Security Uncovers Dangerous Vulnerabilities in Microsoft Windows ASN
eEye’s Retina Network Security Scanner detects and remediates ASN vulnerability
Aliso Viejo, CA – February 10, 2004. eEye Digital Security, a leading developer of enterprise security software solutions, today announced its research team uncovered two critical vulnerabilities relating to Microsoft’s Windows Abstract Syntax Notation One (ASN.1). ASN is the method through which the syntax of messages to be exchanged between peer applications is defined, independent of local representation. These critical security flaws affect unpatched Windows NT, 2000, XP and Windows Server 2003 machines. eEye’s research team discovered these vulnerabilities as early as July 2003 and worked with Microsoft to develop a remediation solution.
Either of these ASN vulnerabilities could allow an attacker to overwrite heap memory with arbitrary data allowing for the execution of malicious code. Both of these flaws can be detected and subsequently exploited remotely and have the potential to cause serious damage if not immediately remediated. Ironically, the security-related functionality in Windows is especially adept at rendering a machine vulnerable to an attack. Since the ASN library is widely used by Windows security subsystems, the vulnerability is exposed through an array of authentication protocols. This makes these vulnerabilities more dangerous than previous flaws that spawned Nimda, Code Red and Sapphire worms. eEye and Microsoft have released detailed advisories to alert Windows users of the need to immediately remediate vulnerable machines on their networks.
"eEye's research team is in constant search of new vulnerabilities in order to improve network security and stay a step ahead of malicious attacks that disrupt business and result in financial loss," said Marc Maiffret, chief hacking officer of eEye Digital Security. "With these new findings of potentially catastrophic vulnerabilities, it is imperative that organizations immediately apply the appropriate patches to ensure their systems are secure."
Retina Network Security Scanner customers are already protected against this vulnerability. It is imperative that users scan their networks for vulnerable machines and follow the remediation instructions provided by Retina. eEye Digital Security is a leading contributor to network security research. For more information about upcoming advisories, visit http://www.eeye.com/html/Research/Upcoming/index.html.
For more information about eEye’s research team, please visit http://www.eeye.com/research.
For more information on Retina Network Security Scanner, please visit: http://www.eeye.com/html/Products/Retina/index.html.
For information on the ASN vulnerabilities, please refer to eEye’s advisories:
http://www.eeye.com/html/Research/Advisories/AD20040210.html
http://www.eeye.com/html/Research/Advisories/AD20040210-2.html
About eEye’s Research Team
eEye's research team is recognized as a leader in network security – having detected dozens of high-severity vulnerabilities and worms in the past few years, including the Code Red, Sapphire and RPC DCOM vulnerabilities. With unparalled security expertise, eEye’s research team is regarded as one of the foremost authorities on vulnerability discovery and has built upon this heritage to deliver the industry’s most comprehensive enterprise vulnerability assessment and remediation management solutions.
About eEye Digital Security
eEye Digital Security is a leading developer of network security products and an active contributor to network security research and education. eEye offers several award-winning solutions including Enterprise Vulnerability Assessment, Remediation Management and Intrusion Prevention. eEye products protect the networks and digital assets of thousands of corporate and government entities in over forty countries including Citigroup, Prudential, AT&T Wireless and Ernst & Young. For more information, visit http://www.eeye.com.