Whipnet's Home
Home
Whipnet's Web Hosting Services
Whipnet's Tech Services for Houston, Tx

Contact Whipnet

 


Business Consultations
You Are Here --->
Software Services
Virus Removal Services
 
Technical Hand - Hardware - LAN - Rollouts

 

 

Where is the Industry Headed?

Future of Computing

Home | Computer Hardware ServicesMicrosoft Security Bulletins

The information provided in this site is provided "as is" without warranty of any kind. Microsoft Corporation disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Furthermore, this information is only listed as a resource for such information by Whiptech. Whiptech is in no way responsible for the use or misuse of the information by anyone, anywhere, at anytime.

Home | Computer Hardware ServicesMicrosoft Patch Disclosure - August 2006

Microsoft Security Bulletin MS06-041

Vulnerabilities in DNS Resolution Could Allow Remote Code Execution (920683)
       Winsock Hostname Vulnerability - CVE-2006-3440:
       Mitigating Factors for Winsock Hostname Vulnerability - CVE-2006-3440:
Published: August 8, 2006
Microsoft Severity Rating: Critical

Description:
This patch addresses two separate issues in Microsoft's implementation of DNS. CVE-2006-3440 is a remote code execution in Winsock that allows for remote code to be executed when a user is tricked into opening a file or visiting a maliciously crafted website.
The second issue, CVE-2006-3441, is a DNS Client Buffer Overrun Vulnerability that allows for remote code to be executed. Recommendations Both of these issues are serious, but there are some mitigation steps that can be taken for those that are not able to immediately install the patch. For CVE-2006-3440, Microsoft suggests editing your registry to remove the attack vectors; for CVE-2006-3441, you can block specific DNS record types at your gateway. While these are useful short term mitigations, they do not solve the actual vulnerability so it is recommended that this patch be installed.

Mitigating Factors:
The vulnerability could be exploited by an attacker who persuaded a user to open a specially crafted file or view a specially crafted website. There is no way for an attacker to force a user to open a specially crafted file, except potentially through previewing an e-mail message.

Affected Software:
. Microsoft Windows 2000 Service Pack 4
. Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
. Microsoft Windows XP Professional x64 Edition
. Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
. Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
. Microsoft Windows Server 2003 x64 Edition


HOME                                                          © 2002-2020 Whipnet Technologies