Microsoft Patches 'Critical' ASN.1 Vulnerability | Internet News
Developer
SHARE
Facebook X Pinterest WhatsApp

Microsoft Patches ‘Critical’ ASN.1 Vulnerability

Written By
Ryan Naraine
Ryan Naraine
Feb 10, 2004
2 minute read

Microsoft on Tuesday issued a “critical” alert for a buffer overflow flaw in its implementation of the Abstract Syntax Notation 1 (ASN.1) data standard, warning that malicious hackers could seize complete control of unpatched machines.

The patch for the Microsoft ASN.1 Library was released with a chilling warning that a successful exploit would allow an attacker to install programs, view data, change data, delete data, or create new user accounts with full privileges.

The ASN.1 standard is used by many applications and devices in the technology industry to allow the normalization and understanding of data across various platforms.

The flaw carries a “critical” rating on Windows NT 4.0, Windows NT Server 4.0 Terminal Server Edition, Windows 2000, Windows XP and Windows Server 2003.

As part of its scheduled February patch release, Microsoft also issued fixes for two other vulnerabilities — in the Windows Internet Naming Service (WINS) and in the Virtual PC for Mac. Both bulletins are rated “important.”

The software giant urged customers using the Windows Internet Naming Service (WINS) to install the patch at the earliest opportunity. A successful exploit could lead to malicious code execution.

In the alert, Microsoft said the bug exists because of the method used by WINS to validate the length of specially-crafted packets. “On Windows Server 2003 this vulnerability could allow an attacker who sent a series of specially-crafted packets to a WINS server to cause the service to fail. Most likely, this could cause a denial of service.”

A third security fix was also issued for a vulnerability in Virtual PC for Mac that could lead to privilege elevation. The flaw affects the Virtual PC for Mac version 6.0 through 6.1.

The hole exists because of the method by which the software creates a temporary file when you run Virtual PC for Mac, Microsoft explained, warning that an attacker could insert malicious code into the file which could cause the code to be run with system privileges. “This could give the attacker complete control over the system.”

Microsoft also announced the re-release of security bulletin MS03-051 to provide 64-bit support. That patch was first issued last November to fix “critical” buffer overflows in Microsoft FrontPage Server Extensions.
Ryan Naraine
Internet News Logo

InternetNews is a source of industry news and intelligence for IT professionals from all branches of the technology world. InternetNews focuses on helping professionals grow their knowledge base and authority in their field with the top news and trends in Software, IT Management, Networking & Communications, and Small Business.

facebook
x

Company

Contact us Advertise with us

Categories

News Enterprise Small Business Reviews Podcasts Blog Research

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information