FNAL Critical Vulnerability Platform: Microsoft Windows 2000, Windows XP Exploitation: Remote from authenticated user Service: Plug and Play Patch By: 10/19/2005 Microsoft patch MS05-047 (905749) - Plug and Play (not to be confused with the Universal Plug and Play service), which supersedes the MS05-039 Critical Vulnerability, for Windows 2000 and XP, has been declared critical by the FNAL Computer Security Team and must be installed by Wednesday, 10/19/2005. The one week grace period is granted since the initial reports of exploitation of this vulnerability requires authenticated access unlike anonymous access in the MS05-039 vulnerability. At this writing, there are no released exploits, but rumors have it some are coming soon which are built on the older MS05-039 exploits. The 10/19 date may be accelerated if other exploitation avenues are found. The FNAL Computer Security Team will begin scanning for this vulnerability and sending informational announcements as soon as a plugin is available. Network blocks will be instituted after 10/19/2005. Patch information can be found at http://www.microsoft.com/technet/security/Bulletin/MS05-047.mspx. As always, you should install all the latest patches and also check for other application patches. CST will be evaluating the rest of the Microsoft released patches to determine their impact. |
For assistance contact helpdesk@fnal.gov.
Information compiled and maintained by Computer Security Team ; last modified by TR on July 13, 2006. (Address comments about page to the Computer Security Team.) |