 
From: Mike Hays (cpunews_at_HOTMAIL.COM)
Date: Sat Jan 25 2003 - 23:19:45 CST


    Russ,
    People may not be aware that Microsoft AppCenter 2000 uses MSDE, and that
    due to the way the two are integrated, the AppCenter MSDE instance
    (MSSQL$MSAC) _cannot_ be patched except through an AppCenter service pack.
    The last service pack came out October 2001 and the next one isn't due until
    the release of Windows Server 2003. That is a long time between patching!

    I have given PSS and the TAM for the company I consulted at a hard time
    about this, and they have always assured me that this MSDE instance isn't
    susceptible to attack since it is self-contained. I never liked this answer
    and didn't believe it (for good reason), but couldn't get a solution. Now
    the SQLSlammer worm appears to have proven that AppCenter isn't invulnerable
    to MSDE vulnerabilities, and that Microsoft needs to remedy this situation
    immediately.

    The AppCenter instance of MSDE does listen on UDP 1434, and while I have not
    witnessed a compromised system myself (that's a good thing), there is at
    least one poster to Usenet who claims he was attacked through the AppCenter
    instance of MSDE (see link below).

    Please do what you can to warn people about this problem and exert any
    pressure you can on Microsoft to correct this issue. Since many AppCenter
    installations reside in DMZs, this could be serious.

    Thanks,
    Mike Hays

    Usenet Poster claiming compromise:
    http://groups.google.com/groups?dq=&hl=en&lr=lang_en&ie=UTF-8&oe=UTF-8&group=microsoft.public.applicationcenter.admin&selm=079201c2c4aa%241877e430%248df82ecf%40TK2MSFTNGXA02
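The post says the AppCenter MSDE instance (MSSQL$MSAC) answers on UDP 1434. The script below is an added example, not code from Mike Hays or from Microsoft: it speaks the SQL Server Resolution Service protocol on UDP 1434 (the unicast "list instances" request, not the 0x04 instance-name packet Slammer abused), parses the reply, and flags an instance named MSAC whose build predates SQL Server 2000 SP3 (8.00.760). The sample reply is constructed, and the host name, ports and the "pre-SP3 means check for the MS02-039 fix" threshold are assumptions made for the example; AppCenter's own patch status still has to be confirmed against the service pack history described above.

```python
"""Inventory SQL Server / MSDE instances via the UDP 1434 resolution
service and flag an AppCenter (MSAC) instance built before SQL 2000 SP3.
Added example for this thread; not code from the original post."""
import socket

SSRP_PORT = 1434
CLNT_UCAST_EX = b"\x03"   # unicast "enumerate all instances" request (MC-SQLR)
SVR_RESP = 0x05           # first byte of a server response
SP3_BUILD = (8, 0, 760)   # SQL Server 2000 SP3; earlier builds need the MS02-039 hotfix checked (assumed threshold)


def parse_version(text):
    """'8.00.194' -> (8, 0, 194); anything else -> None."""
    try:
        parts = tuple(int(p) for p in text.split("."))
    except ValueError:
        return None
    return parts if len(parts) == 3 else None


def parse_ssrp_response(data):
    """Parse an SVR_RESP datagram into one dict per instance.

    Layout: 0x05, 16-bit little-endian payload length, then
    'ServerName;host;InstanceName;name;IsClustered;No;Version;v;tcp;port;;'
    repeated once per instance (each entry terminated by ';;').
    """
    if len(data) < 3 or data[0] != SVR_RESP:
        raise ValueError("not an SSRP server response")
    length = data[1] | (data[2] << 8)
    payload = data[3:3 + length].decode("ascii", errors="replace")
    instances = []
    for entry in payload.split(";;"):
        if not entry:
            continue
        fields = entry.split(";")
        # alternating key;value pairs -> dict
        instances.append(dict(zip(fields[0::2], fields[1::2])))
    return instances


def assess(instances):
    """Return one finding per instance: name, build, AppCenter?, pre-SP3?"""
    findings = []
    for inst in instances:
        name = inst.get("InstanceName", "")
        ver = parse_version(inst.get("Version", ""))
        findings.append({
            "instance": name,
            "version": inst.get("Version", ""),
            "tcp_port": inst.get("tcp"),
            "is_appcenter": name.upper() == "MSAC",
            "pre_sp3": ver is not None and ver < SP3_BUILD,
        })
    return findings


def probe(host, timeout=2.0):
    """Send the unicast request to host:1434 and parse what comes back.
    This is the live network path; it is not exercised offline."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(CLNT_UCAST_EX, (host, SSRP_PORT))
        data, _ = s.recvfrom(65535)
    return parse_ssrp_response(data)


# Constructed sample reply (not captured from a real host): a default
# instance at SP3 plus an AppCenter MSDE instance still at the RTM build.
SAMPLE_PAYLOAD = (
    b"ServerName;APPSRV01;InstanceName;MSSQLSERVER;IsClustered;No;"
    b"Version;8.00.760;tcp;1433;;"
    b"ServerName;APPSRV01;InstanceName;MSAC;IsClustered;No;"
    b"Version;8.00.194;tcp;2433;;"
)
SAMPLE_RESPONSE = (bytes([SVR_RESP, len(SAMPLE_PAYLOAD) & 0xFF, len(SAMPLE_PAYLOAD) >> 8])
                   + SAMPLE_PAYLOAD)

if __name__ == "__main__":
    for f in assess(parse_ssrp_response(SAMPLE_RESPONSE)):
        status = "PRE-SP3, verify patch level" if f["pre_sp3"] else "ok"
        tag = " (AppCenter MSDE)" if f["is_appcenter"] else ""
        print(f"{f['instance']:12s} {f['version']:10s} tcp/{f['tcp_port']:5s} {status}{tag}")
```

Run `probe("appsrv01.dmz.example")` (hypothetical host) from a machine that can reach UDP 1434 to get the same findings for a live box; a reply with an MSAC entry confirms the instance is reachable from wherever you sent the probe, which is the exposure the post is worried about for DMZ-resident AppCenter servers.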
