Microsoft Windows vulnerability - Highly Critical!!!

[Broni]

Microsoft Windows NNTP Response Handling Buffer Overflow

SECUNIA ADVISORY ID:
SA27112

VERIFY ADVISORY:
http://secunia.com/advisories/27112/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
>From remote

OPERATING SYSTEM:
Microsoft Windows 2000 Professional
http://secunia.com/product/1/
Microsoft Windows 2000 Datacenter Server
http://secunia.com/product/1177/
Microsoft Windows 2000 Advanced Server
http://secunia.com/product/21/
Microsoft Windows Server 2003 Enterprise Edition
http://secunia.com/product/1174/
Microsoft Windows Server 2003 Datacenter Edition
http://secunia.com/product/1175/
Microsoft Windows Vista
http://secunia.com/product/13223/
Microsoft Windows XP Professional
http://secunia.com/product/22/
Microsoft Windows XP Home Edition
http://secunia.com/product/16/
Microsoft Windows 2000 Server
http://secunia.com/product/20/
Microsoft Windows Server 2003 Standard Edition
http://secunia.com/product/1173/
Microsoft Windows Server 2003 Web Edition
http://secunia.com/product/1176/
Microsoft Windows Storage Server 2003
http://secunia.com/product/12399/

SOFTWARE:
Microsoft Outlook Express 5.5
http://secunia.com/product/189/
Microsoft Outlook Express 6
http://secunia.com/product/102/

DESCRIPTION:
VeriSign iDefense Labs has reported a vulnerability in Microsoft
Windows, which can be exploited by malicious people to compromise a
user's system.

The vulnerability is caused due to a boundary error in inetcomm.dll
when processing NNTP (Network News Transfer Protocol) responses. This
can be exploited to cause a heap-based buffer overflow by returning
more data than requested by the client.

Successful exploitation may allow execution of arbitrary code when a
user e.g. visits a malicious website.

SOLUTION:
Apply patches.

Windows 2000 SP4 and Outlook Express 5.5 SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5AA009C9-4EDC-4F34-989B-0493549649E8

Windows 2000 SP4 and Outlook Express 6 SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=b537115d-611c-4486-960c-08d2df450579

Windows XP SP2 and Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=3ed7f466-78c7-4251-ba24-8ae71ad54e18

Windows XP Professional x64 Edition SP2 and Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=6468a552-2194-4866-97d5-ff77ae205eea

Windows Server 2003 SP1 and Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=708926e4-f8af-4533-8747-22d6536ebd66

Windows Server 2003 SP2 and Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=708926e4-f8af-4533-8747-22d6536ebd66

Windows Server 2003 x64 Edition and Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=26720f5a-d7e9-44b9-9330-2e9faa4af0d9

Windows Server 2003 x64 Edition SP2 and Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=26720f5a-d7e9-44b9-9330-2e9faa4af0d9

Windows Server 2003 with SP1 for Itanium-based systems and Outlook
Express 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=a8844fbb-5b2c-41f3-80f1-dce563aa7cb7

Windows Server 2003 with SP2 for Itanium-based systems and Outlook
Express 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=a8844fbb-5b2c-41f3-80f1-dce563aa7cb7

Windows Vista and Windows Mail:
http://www.microsoft.com/downloads/details.aspx?FamilyId=b6ac8d93-adc3-4ec3-bad1-4990bd7d52b4

Windows Vista x64 Edition and Windows Mail:
http://www.microsoft.com/downloads/details.aspx?FamilyId=34aaf9dd-4d63-43e2-b631-bbf492d56a26

[C.C.2020]

sooo what does this mean??? ;Dlol

[Broni]

You have to apply appropriate for your OS patches.