C:Amie Posted September 10, 2003 Share Posted September 10, 2003 MS03-039: A Buffer Overrun in RPCSS May Allow Code Execution Q824146 Affected Software: Microsoft Windows Server 2003, 64-Bit Enterprise Edition Microsoft Windows Server 2003, 64-Bit Datacenter Edition Microsoft Windows Server 2003, Enterprise Edition Microsoft Windows Server 2003, Standard Edition Microsoft Windows Server 2003, Web Edition Microsoft Windows XP Professional Microsoft Windows XP Home Edition Microsoft Windows XP Media Center Edition Microsoft Windows XP Tablet PC Edition Microsoft Windows 2000 Advanced Server Microsoft Windows 2000 Professional Microsoft Windows 2000 Server Microsoft Windows 2000 Datacenter Server Microsoft Windows NT Server 4.0 Microsoft Windows NT Server 4.0 Terminal Server Edition Microsoft Windows NT Workstation 4.0 Remote Procedure Call (RPC) is a protocol that is used by Windows. RPC provides an inter-process communication mechanism that allows a program that is running on one computer to seamlessly access services on another computer. The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol, but with the addition of some Microsoft-specific extensions. There are three identified vulnerabilities in the part of the Windows RPC service (RPCSS) that deals with RPC messages for DCOM activation. Two of the vulnerabilities might allow arbitrary code to be run; one of the vulnerabilities might result in a denial of service. The flaws result from incorrect handling of malformed messages. These vulnerabilities affect the Distributed Component Object Model (DCOM) interface in RPCSS. This interface handles DCOM object activation requests that are sent by client computers to the server. An attacker who successfully exploits these vulnerabilities might be able to run code with Local System rights on an affected computer, or could cause RPCSS to stop working. The attacker could then take any action on the computer, including installing programs, viewing, changing, or deleting data, or creating new accounts with full rights. To exploit these vulnerabilities, an attacker could create an exploit program to send a malformed RPC message that targets RPCSS on a vulnerable server. Download: Windows 2003 32-bit Windows 2003 64-bit Windows XP 32-bit Windows XP 64-bit 2002 Edition Windows XP 64-bit 2003 Edition Windows 2000 SP2, SP3, SP4 Windows NT 4.0 Workstation Windows NT 4.0 Server Windows NT 4.0 Terminal Server Source: MSKB824146 Link to comment https://www.neowin.net/forum/topic/99886-ms03-039-buffer-overrun-in-rpcss-flaw/ Share on other sites More sharing options...
freakyfriday Posted September 10, 2003 Share Posted September 10, 2003 is this the RPC worm bug? Link to comment https://www.neowin.net/forum/topic/99886-ms03-039-buffer-overrun-in-rpcss-flaw/#findComment-1148335 Share on other sites More sharing options...
+primortal Subscriber² Posted September 10, 2003 Subscriber² Share Posted September 10, 2003 no, but a new worm to use this flaw will be coming down soon. so patch your boxes Link to comment https://www.neowin.net/forum/topic/99886-ms03-039-buffer-overrun-in-rpcss-flaw/#findComment-1148344 Share on other sites More sharing options...
Steven Posted September 10, 2003 Share Posted September 10, 2003 Microsoft Security Bulletin MS03-039 Print Buffer Overrun In RPCSS Service Could Allow Code Execution (824146) Originally posted: September 10, 2003 Summary Who should read this bulletin: Users running Microsoft ? Windows ? Impact of vulnerability: Run code of attacker?s choice Maximum Severity Rating: Critical Recommendation: System administrators should apply the security patch immediately End User Bulletin: An end user version of this bulletin is available at: http://www.microsoft.com/security/security...ns/ms03-039.asp. Protect your PC: Additional information on how you can help protect your PC is available at the following locations: End Users can visit http://www.microsoft.com/protect IT Professionals can visit http://www.microsoft.com/technet/security/...ps/pcprotec.asp Affected Software: Microsoft Windows NT Workstation 4.0 Microsoft Windows NT Server? 4.0 Microsoft Windows NT Server 4.0, Terminal Server Edition Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Not Affected Software: Microsoft Windows Millennium Edition Patch availability Download locations for this patch Windows NT Workstation Windows NT Server 4.0 Windows NT Server 4.0, Terminal Server Edition Windows 2000 Windows XP Windows XP 64 bit Edition Windows XP 64 bit Edition Version 2003 Windows Server 2003 Windows Server 2003 64 bit Edition http://www.microsoft.com/technet/treeview/...in/MS03-039.asp Link to comment https://www.neowin.net/forum/topic/99886-ms03-039-buffer-overrun-in-rpcss-flaw/#findComment-1148357 Share on other sites More sharing options...
Steven Posted September 10, 2003 Share Posted September 10, 2003 freakyfriday said: is this the RPC worm bug? no, it affects the same service, but this PATCH SUPERCEDES THE LAST ONE. Link to comment https://www.neowin.net/forum/topic/99886-ms03-039-buffer-overrun-in-rpcss-flaw/#findComment-1148474 Share on other sites More sharing options...
[yt] Posted September 16, 2003 Share Posted September 16, 2003 Thanks for the info.. installing patch now. :) Link to comment https://www.neowin.net/forum/topic/99886-ms03-039-buffer-overrun-in-rpcss-flaw/#findComment-1165089 Share on other sites More sharing options...
OPaul Posted September 16, 2003 Share Posted September 16, 2003 Apparently I already have the hotfix, "Windows XP Hotfix - KB824146", was it on WindowsUpdate or something? Link to comment https://www.neowin.net/forum/topic/99886-ms03-039-buffer-overrun-in-rpcss-flaw/#findComment-1165312 Share on other sites More sharing options...
Steven Posted September 16, 2003 Share Posted September 16, 2003 yeah...or you installed it via Automatic Updates. :D Link to comment https://www.neowin.net/forum/topic/99886-ms03-039-buffer-overrun-in-rpcss-flaw/#findComment-1166275 Share on other sites More sharing options...
Farquaon Posted September 17, 2003 Share Posted September 17, 2003 I applied this patch on a Win 2k system, and now Outlook 2k just freezes on the splash screen? What 2 do? Link to comment https://www.neowin.net/forum/topic/99886-ms03-039-buffer-overrun-in-rpcss-flaw/#findComment-1169534 Share on other sites More sharing options...
Recommended Posts