Maximum severity rating: critical

Administrators of systems running Microsoft Windows NT, Windows 2000 and Windows XP would do well to download a new patch from the Microsoft TechNet site to protect their computers from being compromised.

The vulnerability stems from a flaw in the Microsoft Remote Access Service (RAS). RAS provides dial-up connections between computers and networks over phone lines. It is delivered as a native system service in Windows NT 4.0, Windows 2000 and Windows XP, and is also included in the separately downloadable Routing and Remote Access Server (RRAS) for Windows NT 4.0.

All of these implementations include a RAS phonebook, which stores the telephone numbers, security settings and network settings used to dial up remote systems.

However, a flaw exists in the RAS phonebook implementation: a phonebook value is not properly checked, and is susceptible to a buffer overrun. The overrun could be exploited for either of two purposes: causing a system failure, or running code on the system with LocalSystem privileges.

If an attacker were able to log on to an affected server, modify a phonebook entry using specially malformed data, and then make a connection using the modified entry, the specially malformed data could be run as code by the system.

An attacker who successfully exploited this vulnerability could gain complete control over the machine, thereby gaining the ability to take any desired action on the machine, such as adding, deleting, or modifying data on the system, creating or deleting user accounts, and adding accounts to the local administrators group.

Fortunately, the Microsoft patch eliminates the vulnerability by instituting proper input checking on the RAS phonebook entries.
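As an added illustration (not Microsoft's code and not from the advisory), the following C sketch shows the kind of input check the patch description refers to: a value read from a phonebook-style line is measured against the destination buffer before anything is copied. The `key=value` line layout, the `ExampleField` key, the 64-byte capacity and all function names are assumptions made for the example; the article does not identify the affected value.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PB_VALUE_MAX 64  /* assumed field capacity, not a figure from the advisory */

enum pb_status { PB_OK = 0, PB_NO_MATCH = -1, PB_TOO_LONG = -2, PB_BAD_ARG = -3 };

/*
 * Copy the value of a "key=value" line into out (hypothetical helper).
 * The unchecked pattern behind a buffer overrun is copying the value into a
 * fixed-size buffer without comparing lengths; here the length is verified
 * first and an oversized value is rejected, never truncated or copied.
 */
enum pb_status pb_read_value(const char *line, const char *key,
                             char *out, size_t outsz)
{
    if (!line || !key || !out || outsz == 0)
        return PB_BAD_ARG;
    out[0] = '\0';                          /* defined result on every path */

    size_t klen = strlen(key);
    if (strncmp(line, key, klen) != 0 || line[klen] != '=')
        return PB_NO_MATCH;

    const char *value = line + klen + 1;
    size_t vlen = strcspn(value, "\r\n");   /* value ends at end of line */

    if (vlen >= outsz)                      /* no room for value + terminator */
        return PB_TOO_LONG;

    memcpy(out, value, vlen);
    out[vlen] = '\0';
    return PB_OK;
}

int main(void)
{
    /* Constructed sample lines, not taken from a real phonebook. */
    char big[400] = "ExampleField=";
    memset(big + 13, 'A', 300);             /* 300-byte value, rest stays NUL */

    const char *lines[] = { "ExampleField=5550100\r\n", big };
    char buf[PB_VALUE_MAX];

    for (size_t i = 0; i < 2; i++) {
        enum pb_status st = pb_read_value(lines[i], "ExampleField", buf, sizeof buf);
        printf("line %zu: status=%d value=\"%s\"\n", i, (int)st, buf);
    }
    return 0;
}
```

Rejecting the oversized entry outright, rather than silently truncating it, also gives an administrator a clear signal that a stored entry has been tampered with.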