Microsoft Windows 2000 Remote Installation Service Remote Code Execution Vulnerability

Bugtraq ID:	21495
Class:	Design Error
CVE:	2006-5584
Remote:	Yes
Local:	No
Published:	Dec 12 2006 12:00AM
Updated:	Mar 22 2007 06:53PM
Credit:	Nicolas Ruff is credited with the discovery of this vulnerability.
Vulnerable:	Microsoft Windows 2000 Server SP4 Microsoft Windows 2000 Server SP3 Microsoft Windows 2000 Server SP2 Microsoft Windows 2000 Server SP1 Microsoft Windows 2000 Server + Avaya DefinityOne Media Servers + Avaya IP600 Media Servers + Avaya S3400 Message Application Server 0 + Avaya S8100 Media Servers 0 Microsoft Windows 2000 Professional SP4 Microsoft Windows 2000 Professional SP3 Microsoft Windows 2000 Professional SP2 Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional Microsoft Windows 2000 Datacenter Server SP4 Microsoft Windows 2000 Datacenter Server SP3 Microsoft Windows 2000 Datacenter Server SP2 Microsoft Windows 2000 Datacenter Server SP1 Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Advanced Server SP4 Microsoft Windows 2000 Advanced Server SP3 Microsoft Windows 2000 Advanced Server SP2 Microsoft Windows 2000 Advanced Server SP1 Microsoft Windows 2000 Advanced Server Avaya Web Messenger 0 Avaya VPNmanagerTM Console 0 Avaya Visual Vector Client 0 Avaya Visual Messenger TM 0 Avaya Unified Messenger (r) 0 Avaya Unified Communication Center Avaya Speech Access 0 Avaya Outbound Contact Management 0 Avaya Operational Analyst 0 Avaya OctelDesignerTM 0 Avaya OctelAccess(r) Server 0 Avaya Network Reporting 0 Avaya Modular Messaging (MAS) Avaya IP Softphone 0 Avaya IP Agent 0 Avaya Interaction Center - Voice Quick Start 0 Avaya Interaction Center 0 Avaya Integrated Management Avaya Enterprise Management 0 Avaya CVLAN Avaya Contact Center Express 0 Avaya Computer Telephony 0 Avaya CMS Supervisor 0 Avaya Basic Call Management System Reporting Desktop server Avaya Basic Call Management System Reporting Desktop 0 Avaya Agent Access 0
Not Vulnerable:

Microsoft Windows 2000 Remote Installation Service Remote Code Execution Vulnerability

Microsoft Windows is prone to a remote code-execution vulnerability.

A remote attacker may exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in a complete compromise of vulnerable computers.

Note that this issue affects only Microsoft Windows 2000. Note also that the Remote Installation Services (RIS) is not installed by default on Microsoft Windows 2000.

Microsoft Windows 2000 Remote Installation Service Remote Code Execution Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Microsoft Windows 2000 Remote Installation Service Remote Code Execution Vulnerability

Solution:
Microsoft has released an update to address this vulnerability on supported platforms. Please see the referenced bulletin for more information.


Microsoft Windows 2000 Advanced Server SP4

• Microsoft Security Update for Windows 2000 (KB926121)
  http://www.microsoft.com/downloads/details.aspx?familyid=0ed62db9-4534 -4f27-a49e-020c7a7d69e0&displaylang=en

Microsoft Windows 2000 Datacenter Server SP4

• Microsoft Security Update for Windows 2000 (KB926121)
  http://www.microsoft.com/downloads/details.aspx?familyid=0ed62db9-4534 -4f27-a49e-020c7a7d69e0&displaylang=en

Microsoft Windows 2000 Professional SP4

• Microsoft Security Update for Windows 2000 (KB926121)
  http://www.microsoft.com/downloads/details.aspx?familyid=0ed62db9-4534 -4f27-a49e-020c7a7d69e0&displaylang=en

Microsoft Windows 2000 Remote Installation Service Remote Code Execution Vulnerability

References:

• ASA-2006-275 - MS06-077 Vulnerability in Remote Installation Service Could Allow (Avaya)
  
• Microsoft Security Bulletin MS06-077 (Microsoft)
  
• Vendor Home Page (Microsoft)