MS03-005: Unchecked buffer in Windows redirector may permit privilege elevation (810577)


The information in this article applies to:

  • Microsoft Windows XP Professional
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Media Center Edition
  • Microsoft Windows XP Tablet PC Edition
  • Microsoft Windows XP 64-Bit Edition

SYMPTOMS

The Windows Redirector is used by Windows-based clients to gain access to files (local or remote), no matter which underlying network protocol is in use. For example, you can use the Add a Network Place Wizard or the net use command to map a network share as a local drive. In either case, the Windows Redirector handles the routing of information to and from the network share.

A security vulnerability exists in the implementation of the Windows Redirector on Windows XP. This vulnerability is caused by an unchecked buffer that is used to receive parameter information. By providing malformed data to the Windows Redirector, an attacker might cause Windows to stop working. Or, if the data is crafted in a particular way, might permit the attacker to run code.

RESOLUTION

Service pack information

To resolve this problem, obtain the latest service pack for Windows XP. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

322389 How to obtain the latest Windows XP service pack

Update Information

The following files are available for download from the Microsoft Download Center:

Windows XP Home Edition, Windows XP Professional, Windows XP Tablet PC Edition, Windows XP Media Center Edition

All languages: DownloadDownload the 810577 package now

Windows XP 64-Bit Edition

All languages: DownloadDownload the 810577 package now

Release Date: December 11, 2002

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

Installation Information

You can apply this update to the released version of Windows XP, or to Windows XP Service Pack 1 (SP1). You must restart your computer after you apply this update. This update supports the following Setup switches:
  • /? : Display the list of installation switches.
  • /u : Use unattended mode.
  • /f : Force other programs to quit when the computer shuts down.
  • /n : Do not back up files for removal.
  • /o : Overwrite OEM files without prompting.
  • /z : Do not restart when installation is complete.
  • /q : Use Quiet mode (no user interaction).
  • /l : List installed hotfixes.
  • /x Extract the files without running Setup.
For example, to install the update without any user intervention, and then not to force the computer to restart, use the following command:

q810577_wxp_sp2_x86_enu /u /q /z

Warning Your computer is vulnerable until you restart it.

File information

The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Windows XP Home Edition and Windows XP Professional

   Date         Time   Version        Size     File name
   --------------------------------------------------------------------------------
   18-Nov-2002  16:27  5.1.2600.106  392,576  %Windir%\System32\Drivers\Mrxsmb.sys

Windows XP Home Edition SP1, Windows XP Professional SP1, Windows XP Tablet PC Edition, and Windows XP Media Center Edition

   Date         Time   Version            Size    File name
   --------------------------------------------------------------
   18-Nov-2002  16:27  5.1.2600.1143     392,576  %Windir%\System32\Drivers\Mrxsmb.sys

Windows XP 64-Bit Edition

  Date         Time   Version        Size        File name
   ----------------------------------------------------------------------------------
   18-Nov-2002  16:17  5.1.2600.106   1,237,376  %Windir%\System32\Drivers\Mrxsmb.sys

Windows XP 64-Bit Edition SP1

  Date         Time   Version            Size     File name
   --------------------------------------------------------------
   18-Nov-2002  16:28  5.1.2600.1143   1,236,864  Mrxsmb.sys

STATUS

Microsoft has confirmed that this problem may cause a degree of security vulnerability in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Microsoft Windows XP Service Pack 2.

MORE INFORMATION

For more information about this vulnerability, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/MS03-005.mspx

Modification Type:MajorLast Reviewed:10/25/2004
Keywords:ATdownload kbWinXPsp2fix KbSECVulnerability KbSECBulletin kbSecurity kbWinXPpreSP2fix kbfix kbbug KB810577
©2004 Microsoft Corporation. All rights reserved.