Revised April 14, 2008
January 15, 2004
THIS FIELD NOTICE HAS BEEN EXPIRED AND IS NO LONGER MAINTAINED OR UPDATED BY CISCO.
THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE, WARRANTY OR SUPPORT. USE OF THE INFORMATION ON THIS FIELD NOTICE OR MATERIALS LINKED FROM THIS FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
BBSM 5.0 and BBSM 5.1
BBSM 5.0 and BBSM 5.1
Note: 5.2 sp2 and 5.3 have this patch included in the baselines
Cisco Building Broadband Service Manager (BBSM) 5.0 and BBSM 5.1 do not have a webpatch available for the Microsoft Security Bulletin MS03-049 Buffer Overrun in the Workstation Service
MS03-049 can be safely installed directly from the Microsoft Download page.
Microsoft Security Bulletin MS03-049
Buffer Overrun in the Workstation Service Could Allow Code Execution (828749)
Issued: November 11, 2003
Updated: November 19, 2003
A security vulnerability exists in the Workstation service that could allow remote code execution on an affected system. This vulnerability results because of an unchecked buffer in the Workstation service. If exploited, an attacker could gain System privileges on an affected system, or could cause the Workstation service to fail. An attacker could take any action on the system, including installing programs, viewing data, changing data, or deleting data, or creating new accounts with full privileges.
If users have blocked inbound User Datagram Protocol (UDP) ports 138, 139, 445 and Transmission Control Protocol (TCP) ports 138, 139, 445 by using a firewall, an attacker would be prevented from sending messages to the Workstation service. Most firewalls, including Internet Connection Firewall in Windows XP, block these ports by default.
Disabling the Workstation service will prevent the possibility of attack. However there are a number of impacts when performing this workaround. Please see the Workaround/Solution section for more details.
Only Windows 2000 and Windows XP are affected. Other operating systems are not vulnerable to this attack.
Microsoft Windows 2000 Critical
Microsoft Windows XP Critical
Denial of Service
Install the fix directly from the Microsoft Download page.
For More Information
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
Receive Email Notification For New Field Notices
Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.