Technical Cyber Security Alert 2006-5A

Technical Cyber Security Alert 2006-5A (TA06-5A) was a critical advisory Technical Cyber Security Alert 2006-5A (TA06-5A) was a critical advisory issued by US-CERT regarding a severe vulnerability in the Microsoft Windows Server Service.

This flaw, detailed in Microsoft Security Bulletin MS06-040, allowed for **remote code execution (RCE)**. An unauthenticated attacker could exploit this by sending specially crafted RPC requests to affected systems (Windows 2000, XP, Server 2003) over the network (port 445/SMB).

The vulnerability was deemed "critical" due to its potential for **complete system compromise** and its "wormable" nature, meaning it could spread rapidly. TA06-5A urged immediate patching of all affected systems and recommended blocking inbound SMB traffic (port 445) at network perimeters to mitigate the risk. It underscored the critical importance of timely patch management.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


National Cyber Alert System

Technical Cyber Security Alert TA06-005A


Update for Microsoft Windows Metafile Vulnerability

Original release date: January 5, 2006
Last revised: --
Source: US-CERT


Systems Affected

* Systems running Microsoft Windows


Overview

Microsoft Security Bulletin MS06-001 contains an update to fix a
vulnerability in the way Microsoft Windows handles images in the
Windows Metafile (WMF) format.


I. Description

TA05-362A describes a vulnerability in the way Microsoft Windows
handles Windows Metafile images. This vulnerability could allow a
remote attacker to execute arbitrary code. Microsoft Security Bulletin
MS06-001 contains an update to fix this vulnerability.

The vulnerability is described in further detail in VU#181038.


II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary
code if the user is persuaded to view a specially crafted Windows
Metafile.


III. Solution

Apply a patch from your vendor

Install the appropriate update according to Microsoft Security
Bulletin MS06-001.


Appendix A. References

* Microsoft Security Bulletin MS06-001 -
<http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx>

* US-CERT Vulnerability Note VU#181038 -
<http://www.kb.cert.org/vuls/id/181038>

* US-CERT Technical Cyber Security Alert TA05-362A -
<http://www.us-cert.gov/cas/techalerts/TA05-362A.html>


____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA06-005A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <This email address is being protected from spambots. You need JavaScript enabled to view it.> with "TA06-005A Feedback VU#181038" in the
subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________

Produced 2006 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html>
____________________________________________________________________



Revision History

January 5, 2006: Initial release



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBQ72ZA30pj593lg50AQLAqgf/Wwj2V0SfgA61RdAw1H8GxAaWjb3Hsuix
8DMAcZv8yITiZLkt2JD/d1piq28v0o23g0TR2I2F5sj+8GsfkmYGLOGkoqYJ4v+0
8yD3JZIxwcR+OJlA29HZebBHUNR00QBUQEb369QK9mntVqUZ/XKGiW05mQPODwhr
rFJQy3hB54evEGltScn4wTzzEB2YsSShKlBCAPOVLocLUNIZ1X60n234fe0YLABK
IUpDp6g/CrDmQ3fQYLfBGQQD462NIdccYzeYNARCOSR77dHbPYAiMvNQiiJSvrEp
4Iz2Gkm0T+jA9o4SgmkuYOtA/+3XaWXDgUP3d6Kwfo4cm9LzciF+vQ==
=GfKm
-----END PGP SIGNATURE-----