what you don't know can hurt you

ms01-001

ms01-001
Posted Jan 13, 2001

Microsoft Security Bulletin (MS01-001) - The Web Extender Client (WEC), a component that ships as part of Office 2000, Windows 2000, and Windows Me, does not respect the IE Security settings regarding when NTLM authentication will be performed - instead, WEC will perform NTLM authentication with any server that requests it. If a user established a session with a malicious user's web site - either by browsing to the site or by opening an HTML mail that initiated a session with it - an application on the site could capture the user's NTLM credentials. The malicious user could then use an offline brute force attack, or with specialized tools, could submit a variant of these credentials in an attempt to protected resources. Microsoft FAQ on this issue available here.

tags | web
systems | windows, 2k, me
MD5 | 3708ea76c97b3c3e5fc79df8f41bf0ca

ms01-001

Change Mirror Download
The following is a Security  Bulletin from the Microsoft Product Security
Notification Service.

Please do not reply to this message, as it was sent from an unattended
mailbox.
********************************

-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------
Title: Web Client NTLM Authentication Vulnerability
Date: January 11, 2001
Software: Office 2000, Windows 2000, and Windows Me
Impact: NTLM Credentials sent regardless of prompt setting
Bulletin: MS01-001

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS01-001.asp.
- ----------------------------------------------------------------------

Issue:
======

The Web Extender Client (WEC) is a component that ships as part of
Office 2000, Windows 2000, and Windows Me. WEC allows IE to view and
publish files via web folders, similar to viewing and adding files in
a directory through Windows Explorer. Due to an implementation flaw,
WEC does not respect the IE Security settings regarding when NTLM
authentication will be performed - instead, WEC will perform NTLM
authentication with any server that requests it. If a user
established a session with a malicious user's web site - either by
browsing to the site or by opening an HTML mail that initiated a
session with it - an application on the site could capture the user's
NTLM credentials. The malicious user could then use an offline brute
force attack to derive the password or, with specialized tools, could
submit a variant of these credentials in an attempt to access
protected resources.

The vulnerability would only provide the malicious user with the
cryptographically protected NTLM authentication credentials of
another user. It would not, by itself, allow a malicious user to gain
control of another user's computer or to gain access to resources to
which that user was authorized access. In order to leverage the NTLM
credentials (or a subsequently cracked password), the malicious user
would have to be able to remotely logon to the target system.
However, best practices dictate that remote logon services be blocked
at border devices, and if these practices were followed, they would
prevent an attacker from using the credentials to logon to the target
system.

Mitigating Factors:
====================
- The client would need to be coerced into visiting a malicious web
site
or read malicious e-mail.

Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the
Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms01-001.asp
for information on obtaining this patch.

Acknowledgment:
===============
- David Litchfield (http://www.atstake.com)

- ---------------------------------------------------------------------

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED
"AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT
SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY
DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION
OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO
THE FOREGOING LIMITATION MAY NOT APPLY.

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQEVAwUBOl5RpY0ZSRQxA/UrAQF4oggAhATiZyE/xnueJyvfT1PVGMkjAG8ovrqM
uVR0qDLmWMzlAdlSnNynyu6vJyZEHLCklFyM008J8pX6Sk3K+f9DJNLvR/GY8CHX
pwjgHpnQuZxxpqBXQXY4bCgDccvqT6+toojYcdpUZT73zXB3TwihALYJccA+Mxxm
yrX/3b/WnR8i3V19bpOpL4pCJDEhGHtokHo2W6DNuAQTOS7MNPX8rDvWYu4wHeZx
afv++9pMht9mVGDnSeBDVIkAg61KYVRgY8oOKqLp7hjRvAkaDOWj+BdcQxZHttx+
TQ2gSqok2xyRCaKfC3GYugARNf5aJ8QTqLrIl3U319XgzBrIY2yxWg==
=/JDx
-----END PGP SIGNATURE-----

*******************************************************************
You have received this e-mail bulletin as a result of your registration
to the Microsoft Product Security Notification Service. You may
unsubscribe from this e-mail notification service at any time by sending
an e-mail to MICROSOFT_SECURITY-SIGNOFF-REQUEST@ANNOUNCE.MICROSOFT.COM
The subject line and message body are not used in processing the request,
and can be anything you like.

To verify the digital signature on this bulletin, please download our PGP
key at http://www.microsoft.com/technet/security/notify.asp.

For more information on the Microsoft Security Notification Service
please visit http://www.microsoft.com/technet/security/notify.asp. For
security-related information about Microsoft products, please visit the
Microsoft Security Advisor web site at http://www.microsoft.com/security.

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

June 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    1 Files
  • 2
    Jun 2nd
    2 Files
  • 3
    Jun 3rd
    19 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    15 Files
  • 6
    Jun 6th
    12 Files
  • 7
    Jun 7th
    11 Files
  • 8
    Jun 8th
    1 Files
  • 9
    Jun 9th
    1 Files
  • 10
    Jun 10th
    15 Files
  • 11
    Jun 11th
    15 Files
  • 12
    Jun 12th
    15 Files
  • 13
    Jun 13th
    8 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    2 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    18 Files
  • 18
    Jun 18th
    15 Files
  • 19
    Jun 19th
    22 Files
  • 20
    Jun 20th
    15 Files
  • 21
    Jun 21st
    15 Files
  • 22
    Jun 22nd
    2 Files
  • 23
    Jun 23rd
    1 Files
  • 24
    Jun 24th
    23 Files
  • 25
    Jun 25th
    19 Files
  • 26
    Jun 26th
    10 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close