Today subscribers of Microsoft's official security mailing list received what seems like the beginning of the next script kiddies' golden age. Microsoft have discovered a critical (Aye, brothers, indeed!) buffer overflow in the Remote Procedure Call service. Affected OSes range from NT 4.0 to their latest goliath -- Windows Server 2003, including 2000 and XP. For more information, read the details; for the impatient, here's the download link. Patch immediately (!) if affected: http://www.microsoft.com/technet/security/...in/ms03-026.asp
The Remote Procedure Call (RPC) service, which provides network interoperability and runs by default on most win32 OSes (don't flame if I'm incorrect on the all part, please, urgency requires immediate release), is affected by a buffer overflow condition. Since the RPC service runs with SYSTEM privileges, this translates into disaster. The issue is as bad as some of the worst IIS 4.0 flaws, perhaps even worse. The topic has not as yet been discussed on SecurityFocus's Bugtraq list, so it is my guess Microsoft discovered the issue by internal means. At any rate, there's an exploit coming for this one any time soon, so any and all users running Windows NT 4.0, 2000, XP and 2003 are to apply the referenced patch IMMEDIATELY and WITHOUT DELAY.
Common logic suggests this flaw is as old as Windows NT 4.0; draw your own conclusions. For those fine citizens of Mongola and those without technical security sk|11z, the bottom line is: if you don't patch, then in the next couple of weeks, if not hacked, you'll most probably become the victim of a worm. Yes, it's that serious.
View: Microsoft Security Bulletin MS03-026 for patch & details