Computer Security
[EN] securityvulns.ru no-pyccku


Related information

  Дырка в Web Extender Client

From:MICROSOFT <secure_(at)_microsoft.com>
Date:12.01.2001
Subject:Security Bulletin (MS01-001)

The following is a Security  Bulletin from the Microsoft Product Security
Notification Service.

Please do not  reply to this message,  as it was sent  from an unattended
mailbox.
                   ********************************

-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------
Title:      Web Client NTLM Authentication Vulnerability
Date:       January 11, 2001
Software:   Office 2000, Windows 2000, and Windows Me
Impact:     NTLM Credentials sent regardless of prompt setting
Bulletin:   MS01-001

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS01-001.asp.
- ----------------------------------------------------------------------

Issue:
======

The Web Extender Client (WEC) is a component that ships as part of
Office 2000, Windows 2000, and Windows Me. WEC allows IE to view and
publish files via web folders, similar to viewing and adding files in
a directory through Windows Explorer. Due to an implementation flaw,
WEC does not respect the IE Security settings regarding when NTLM
authentication will be performed - instead, WEC will perform NTLM
authentication with any server that requests it. If a user
established a session with a malicious user's web site - either by
browsing to the site or by opening an HTML mail that initiated a
session with it - an application on the site could capture the user's
NTLM credentials. The malicious user could then use an offline brute
force attack to derive the password or, with specialized tools, could
submit a variant of these credentials in an attempt to access
protected resources.

The vulnerability would only provide the malicious user with the
cryptographically protected NTLM authentication credentials of
another user. It would not, by itself, allow a malicious user to gain
control of another user's computer or to gain access to resources to
which that user was authorized access. In order to leverage the NTLM
credentials (or a subsequently cracked password), the malicious user
would have to be able to remotely logon to the target system.
However, best practices dictate that remote logon services be blocked
at border devices, and if these practices were followed, they would
prevent an attacker from using the credentials to logon to the target
system.

Mitigating Factors:
====================
- The client would need to be coerced into visiting a malicious web
site
  or read malicious e-mail.

Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the
  Security Bulletin
  http://www.microsoft.com/technet/security/bulletin/ms01-001.asp
  for information on obtaining this patch.

Acknowledgment:
===============
- David Litchfield (http://www.atstake.com)

- ---------------------------------------------------------------------

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED
"AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT
SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY
DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION
OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO
THE FOREGOING LIMITATION MAY NOT APPLY.

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQEVAwUBOl5RpY0ZSRQxA/UrAQF4oggAhATiZyE/xnueJyvfT1PVGMkjAG8ovrqM
uVR0qDLmWMzlAdlSnNynyu6vJyZEHLCklFyM008J8pX6Sk3K+f9DJNLvR/GY8CHX
pwjgHpnQuZxxpqBXQXY4bCgDccvqT6+toojYcdpUZT73zXB3TwihALYJccA+Mxxm
yrX/3b/WnR8i3V19bpOpL4pCJDEhGHtokHo2W6DNuAQTOS7MNPX8rDvWYu4wHeZx
afv++9pMht9mVGDnSeBDVIkAg61KYVRgY8oOKqLp7hjRvAkaDOWj+BdcQxZHttx+
TQ2gSqok2xyRCaKfC3GYugARNf5aJ8QTqLrIl3U319XgzBrIY2yxWg==
=/JDx
-----END PGP SIGNATURE-----

  *******************************************************************
You have received  this e-mail bulletin as a result  of your registration
to  the   Microsoft  Product  Security  Notification   Service.  You  may
unsubscribe from this e-mail notification  service at any time by sending
an  e-mail  to  [email protected]
The subject line and message body are not used in processing the request,
and can be anything you like.

To verify the digital signature on this bulletin, please download our PGP
key at http://www.microsoft.com/technet/security/notify.asp.

For  more  information on  the  Microsoft  Security Notification  Service
please  visit  http://www.microsoft.com/technet/security/notify.asp.  For
security-related information  about Microsoft products, please  visit the
Microsoft Security Advisor web site at http://www.microsoft.com/security.

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod