Sophos


Vulnerability: MS08-059. Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695)


Details

Vulnerability name/brief description: Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695) - MS08-059
CVE/CAN name: CVE-2008-3466
Vendor threat level: Critical
SophosLabs threat level: High
Solution: Users are advised to apply the vendor patch for MS08-059.
Vendor description: This security update resolves a privately reported vulnerability in Microsoft Host Integration Server. The vulnerability could allow remote code execution if an attacker sent a specially crafted Remote Procedure Call (RPC) request to an affected system. Customers who follow best practices and configure the SNA RPC service account to have fewer user rights on the system could be less impacted than customers who configure the SNA RPC service account to have administrative user rights.
SophosLabs comments

This vulnerability allows remote code execution when a specially crafted request is sent to the RPC server on the affected system. It does not require the attacker to authenticate and allows remote code execution in a way similar to older network-spreading worms. Even so, we initially assigned it a threat level of medium, because relatively few users run Windows Host Integration Server, which makes it an unlikely target for malware writers. For users of Windows Host Integration Server the threat level is high, especially as the vulnerability can be exploited in a targeted attack.

The first exploit was released on 15 October 2008, and the risk that the exploit will be used in a malware attack has increased to high.

SophosLabs testing result: N/A
Currently known exploits: A publicly available exploit was released on 15 October 2008 as part of the Metasploit exploit development framework, which makes an attack on vulnerable servers more likely.
First sample seen: N/A
Discovery date: 14 October 2008
Affected software

Microsoft Host Integration Server 2000
Microsoft Host Integration Server 2004
Microsoft Host Integration Server 2006

References

http://www.microsoft.com/technet/security/Bulletin/ms08-059.mspx
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3466

Credits: Microsoft
Revisions

16 October 2008 - added Metasploit exploit details, raised threat level to high.

14 October 2008 - initial analysis written

Explanation of terms

Vulnerability Name/Brief Description:
Vendor identifier plus a brief description of the type of attack.

CVE/CAN Name:
Currently assigned CVE name. If a CVE name doesn't exist, the CAN name will be used until a CVE has been assigned.

Vendor Threat Level:
Threat level assigned by the vendor

SophosLabs Threat Level:
Threat level assigned by SophosLabs

Solution:
Vendor-supplied patch identifier and recommended solution, or workaround if applicable.

Vendor Description:
Summary of the cause and potential effect of the vulnerability provided by the vendor.

SophosLabs Comments:
SophosLabs' opinions and observations of the vulnerability in question.

SophosLabs Testing Result:
Details of completed lab testing, if applicable. Please note that the lab test environment may differ significantly from user environments.

Currently Known Exploits:
List of identities for known exploits, if applicable.

First Sample Seen:
Date of the first sample seen by SophosLabs.

Discovery Date:
Date of the earliest known publicly disclosed advisory.

Affected Software:
Vulnerable platforms and software versions.

 

 
