CERT® Advisory CA-2003-27 Multiple Vulnerabilities in Microsoft Windows and ExchangeOriginal issue date: October 16, 2003
Last revised: October 17, 2003
A complete revision history is at the end of this file.
There are multiple vulnerabilities in Microsoft Windows and Microsoft Exchange, the most serious of which could allow remote attackers to execute arbitrary code.
There are a number of vulnerabilities in Microsoft Windows and Microsoft Exchange that could allow an attacker to gain administrative control of a vulnerable system. The most serious of these vulnerabilities allow an unauthenticated, remote attacker to execute arbitrary code with no action required on the part of the victim. For detailed information, see the following vulnerability notes:
In addition, several other vulnerabilities may permit an attacker to execute arbitrary code if the attacker can convince the victim to take some specific action (e.g., viewing a web page or an HTML email message). For detailed information, see the following vulnerability notes:
Finally, there is a vulnerability in ListBox and ComboBox controls that could allow a local user to gain elevated privileges. For detailed information, see
The impact of these vulnerabilities ranges from denial of service to the ability to execute arbitrary code.
Disable the Messenger Service
For VU#575892, Microsoft recommends first disabling the Messenger service and then evaluating the need to apply the patch. If the Messenger service is not required, leave it in the disabled state. Apply the patch to make sure that systems are protected, especially if the Messenger service is re-enabled. Instructions for disabling the Messenger service can be found in VU#575892 and MS03-043.
Microsoft has provided patches for these problems. Details can be found in the relevant Microsoft Security Bulletins. For many home users, the simplest way to obtain these patches will be by running Windows Update.
Appendix A. Vendor Information
This appendix contains information provided by vendors. When vendors report new information, this section is updated, and the changes are noted in the revision history. If a vendor is not listed below, we have not received their authenticated, direct statement. Further vendor information is available in the Systems Affected sections of the vulnerability notes listed above.
Appendix B. References
Our thanks to Microsoft Corporation for the information contained in their security bulletins. Microsoft has credited the following people for their help in discovering and responding to these issues: Greg Jones of KPMG UK and Cesar Cerrudo, The Last Stage of Delirium Research Group, David Litchfield of Next Generation Security Software Ltd., Brett Moore of Security-Assessment.com, Joao Gouveia, and Ory Segal of Sanctum Inc.
Feedback can be directed to the authors, Shawn V. Hernan and Art Manion.
This document is available from: http://www.cert.org/advisories/CA-2003-27.html
CERT/CC Contact Information
Phone: +1 412-268-7090 (24-hour hotline)
Fax: +1 412-268-6989
CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.
We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from
If you prefer to use DES, please call the CERT hotline for more information.
Getting security information
CERT publications and other security information are available from our web site
* "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.
Conditions for use, disclaimers, and sponsorship information
Copyright 2003 Carnegie Mellon University.
October 16, 2003: Initial release, added CAN-2003-0662 reference