Qualys Security Advisory \ February 10, 2004
Microsoft ASN.1 Vulnerability
February 10, 2004 – Qualys Vulnerability R&D Lab today released a new vulnerability
signature in the QualysGuard® Web Service to protect enterprises against a new Critical-rated
Microsoft® Windows vulnerability. Customers can immediately audit their
networks for this and other new vulnerabilities by accessing their QualysGuard
Vulnerability Details
Microsoft announced the existence of a new Critical-rated buffer overflow vulnerability in
the Microsoft Windows ASN.1 library, described in Microsoft Security Bulletin MS04-007.
Abstract Syntax Notation 1 (ASN.1) is a data standard that supports the cross-platform
normalization and interpretation of data. The ASN.1 library is present in all versions of
Windows and is called by a number of important functions, providing a wide variety of
potential attack vectors. An attacker exploits this vulnerability by sending malformed
data to the ASN.1 library. This vulnerability could give a remote attacker full system
privileges on the affected host, allowing them to execute code, view or edit data, and
For additional information about affected platforms and available patches, please visit the Microsoft Security Bulletin at: http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS04-007.asp
How To Protect Your Network
A check for the ASN.1 vulnerability is already available in the QualysGuard vulnerability management platform. A default scan will detect this issue. In addition, QualysGuard
users can perform a selective scan for this specific vulnerability using the following check:
- "Microsoft ASN.1 Vulnerability"
- Qualys ID: 90103
- Limit the scan to TCP ports 139, 443 and 445
- A Windows login is not required, but using one will provide an added level of
- Additionally, enable the "Windows Host Name" signature with Qualys ID 82044 if you want to report on vulnerable hosts by Windows (NetBIOS) machine name.
Technical Support
For more information, customers may contact Qualys Technical Support directly at email@example.com or by telephone toll free at:
US: 1 866.801.6161 | EMEA: 33 1 44.17.00.41 | UK: +44 1753 872102
About QualysGuard
QualysGuard is an on-demand security audit service delivered over the web that enables organizations to effectively manage their vulnerabilities and maintain control over their network security with centralized reports, verified remedies, and full remediation workflow capabilities with trouble tickets. QualysGuard provides comprehensive reports on vulnerabilities including severity levels, time to fix estimates and impact on business, plus trend analysis on security issues. By continuously and proactively monitoring all network access points, QualysGuard dramatically reduces security managers' time researching, scanning and fixing network exposures and enables companies to eliminate network vulnerabilities before they can be exploited.
Access for QualysGuard customers: https://qualysguard.qualys.com
Free trial of QualysGuard service: http://www.qualys.com/forms/trials/qualysguard_trial/
© Qualys, Inc. All Rights Reserved