Microsoft Security Bulletin MS03-039 ! Critical Security Issue

Jagermeister

Newbie
Joined
May 21, 2003
Messages
1,052
Reaction score
0
Just a heads up for you guys, so you don't get fuct over.




Buffer Overrun In RPCSS Service Could Allow Code Execution (824146)

Originally posted: September 10, 2003

Impact of vulnerability: Three new vulnerabilities, the most serious of which could enable an attacker to run arbitrary code on a user’s system.

The fix provided by this patch supersedes the one included in Microsoft Security Bulletin MS03-026 and includes the fix for the security vulnerability discussed in MS03-026, as well as 3 newly discovered vulnerabilities.

Read More

Technical Details:

Remote Procedure Call (RPC) is a protocol used by the Windows operating system. RPC provides an inter-process communication mechanism that allows a program running on one computer to seamlessly access services on another computer. The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol, but with the addition of some Microsoft specific extensions.

There are three newly identified vulnerabilities in the part of RPCSS Service that deals with RPC messages for DCOM activation— two that could allow arbitrary code execution and one that could result in a denial of service. The flaws result from incorrect handling of malformed messages. These particular vulnerabilities affect the Distributed Component Object Model (DCOM) interface within the RPCSS Service. This interface handles DCOM object activation requests that are sent from one machine to another.

An attacker who successfully exploited these vulnerabilities could be able to run code with Local System privileges on an affected system, or could cause the RPCSS Service to fail. The attacker could then be able to take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges.

To exploit these vulnerabilities, an attacker could create a program to send a malformed RPC message to a vulnerable system targeting the RPCSS Service.

Microsoft has released a tool that can be used to scan a network for the presence of systems which have not had the MS03-039 patch installed. More details on this tool are available in Microsoft Knowledge Base article 827363. This tool supersedes the one provided in Microsoft Knowledge Base article 826369. If the tool provided in Microsoft Knowledge Base Article 826369 is used against a system which has installed the security patch provided with this bulletin, the superseded tool will incorrectly report that the system is missing the patch provided in MS03-026. Microsoft encourages customers to run the latest version of the tool available in Microsoft Knowledge Base article 827363 to determine if their systems are patched.

Affected Software:

* Microsoft Windows NT Workstation 4.0
* Microsoft Windows NT Server® 4.0
* Microsoft Windows NT Server 4.0, Terminal Server Edition
* Microsoft Windows 2000
* Microsoft Windows XP
* Microsoft Windows Server 2003

Download the patch over here.
 
Can u translate that i didnt understand half of it/ couldnt be bothered ;)
 
Originally posted by Farrowlesparrow
Wow, Windows ME now actually has a bonus to it being on my computer :eek:

Heheh, one up to the ME lads! Possibly the only advantage we have.
 
Hoorah! Go us :D
Hmm, i think I have the strangest version of Windows ever:

when my compy boots up, it says:Microsoft Windows 2000ME Professional Edition, built on NT technology

:|
 
Yay, once again, I am not affected.

/me is proptly beaten for having Windows ME.
 
I use linux more and more now. Since about all the games i have are supported by it. I like linux, its got a lot better lately.
 
I've never even seen anyone running linux :O... :p

Sorry, but I've only been into computers for 5 years.... read the staff page for more details :)
 
Back
Top