New LSASS RPC Exploit
Exploit code has been posted (not yet confirmed as functional) that would allow an attacker to take advantage of a remote buffer overflow in the Local Security Authority Subsystem Service (LSASS). One of the vulnerabilities addressed in Microsoft's recent MS04-011 release (http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx) affects the LSA service. LSASS provides an interface to manage local security, domain authentication and Active Directory processes. LSASS fails to check the length of the message before passing it on to the correct service. This exploit would allow an attacker to execute code and gain complete control of the system. It is imperative that you apply the patch if you have not already done so.
In light of the recent vulnerability with the PCT protocol in SSL, we have been watching traffic on port 443. As of now, traffic is up for the targets and records, and the sources are slightly elevated. This activity is consistent with increased scanning. So far there are no reports of any worm-like activity. This could change in the near future, so please be alert, and if you see increased activity on port 443, please let us know.
The Week Ahead
With all of the new vulnerabilities, viruses, worms and exploit code that have recently been published, it is important that everyone stays alert. It is easy to become complacent when you hear about potential activity and it doesn't materialize. The week ahead may prove to be very active with all of the recent events. Watch your network traffic and stay alert!! Please let us know if you see anything unusual happening on your network.
Lorna J. Hutcheson
Handler on Duty
Apr 26th 2004