MS04-024 Clarification

Susan
Apr 8, 2004
Archived from groups: microsoft.public.win2000.security

This patch states under Executive Overview and FAQ
that "significant user interaction is required" to exploit
this vulnerability.

Does this mean the user has to click on a link in an email
or visit a web site, or do they have to do more than what
I'd call "normal interaction"?

Thanks for anyone's input on this!
 
Guest

Hi Susan,
If you dig just a bit deeper in the bulletin, I believe the "Vulnerability
Details" section answers your question:

Vulnerability Details

Windows Shell Vulnerability - CAN-2004-0420:

A remote code execution vulnerability exists in the way that the Windows
Shell launches applications. An attacker could exploit the vulnerability if
a user visited a malicious Web site. If a user is logged on with
administrative privileges, an attacker who successfully exploited this
vulnerability could take complete control of an affected system. However,
user interaction is required to exploit this vulnerability.

Mitigating Factors for Windows Shell Vulnerability - CAN-2004-0420:

• In a Web-based attack scenario, an attacker would have to host a Web site
that contains a Web page that is used to exploit this vulnerability. An
attacker would have no way to force users to visit a malicious Web site.
Instead, an attacker would have to persuade them to visit the Web site,
typically by getting them to click a link that takes them to the attacker's
site.

• An attacker who successfully exploited this vulnerability could gain the
same privileges as the user. Users whose accounts are configured to have
fewer privileges on the system would be at less risk than users who operate
with administrative privileges.

• This vulnerability requires significant user interaction to be exploited.


--
Curtis Koenig
Security Support Engineer
Product Support Services, Security Team
MCSE, MCSES, CISSP

This posting is provided "AS IS" with no warranties and confers no rights.
Please reply to the newsgroup so that others may benefit. Thanks!

--------------------
>From: "Susan" <anonymous@discussions.microsoft.com>
>Subject: MS04-024 Clarification
>Date: Wed, 14 Jul 2004 09:11:50 -0700
>