SECUNIA ADVISORY ID: SA23312
VERIFY ADVISORY: http://secunia.com/advisories/23312/
CRITICAL: Moderately critical
IMPACT: System access
OPERATING SYSTEM:
Microsoft Windows 2000 Advanced Server - http://secunia.com/product/21/
Microsoft Windows 2000 Datacenter Server - http://secunia.com/product/1177/
Microsoft Windows 2000 Professional - http://secunia.com/product/1/
Microsoft Windows 2000 Server - http://secunia.com/product/20/
DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the Remote Installation Service enabling a TFTP service, which by default allows anonymous users to upload malicious files or overwrite existing operating system files.
SOLUTION: Apply patch.
Microsoft Windows 2000 SP4: http://www.microsoft.com/downloads/details.aspx?FamilyId=0ed62db9-4534-4f27-a49e-020c7a7d69e0
PROVIDED AND/OR DISCOVERED BY: The vendor credits Nicolas Ruff.
ORIGINAL ADVISORY: MS06-077 (KB926121): http://www.microsoft.com/technet/security/Bulletin/MS06-077.mspx
Windows Remote Installation Service Writable Path VulnerabilityPosted on Wednesday, December 13, 2006 @ 00:36:13 UTC in Security |
Related
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
