MS03-039 Buffer Overrun in RPCSS Flaw


Recommended Posts

MS03-039: A Buffer Overrun in RPCSS May Allow Code Execution

Q824146

Affected Software:

Microsoft Windows Server 2003, 64-Bit Enterprise Edition

Microsoft Windows Server 2003, 64-Bit Datacenter Edition

Microsoft Windows Server 2003, Enterprise Edition

Microsoft Windows Server 2003, Standard Edition

Microsoft Windows Server 2003, Web Edition

Microsoft Windows XP Professional

Microsoft Windows XP Home Edition

Microsoft Windows XP Media Center Edition

Microsoft Windows XP Tablet PC Edition

Microsoft Windows 2000 Advanced Server

Microsoft Windows 2000 Professional

Microsoft Windows 2000 Server

Microsoft Windows 2000 Datacenter Server

Microsoft Windows NT Server 4.0

Microsoft Windows NT Server 4.0 Terminal Server Edition

Microsoft Windows NT Workstation 4.0

Remote Procedure Call (RPC) is a protocol that is used by Windows. RPC provides an inter-process communication mechanism that allows a program that is running on one computer to seamlessly access services on another computer. The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol, but with the addition of some Microsoft-specific extensions.

There are three identified vulnerabilities in the part of the Windows RPC service (RPCSS) that deals with RPC messages for DCOM activation. Two of the vulnerabilities might allow arbitrary code to be run; one of the vulnerabilities might result in a denial of service. The flaws result from incorrect handling of malformed messages. These vulnerabilities affect the Distributed Component Object Model (DCOM) interface in RPCSS. This interface handles DCOM object activation requests that are sent by client computers to the server.

An attacker who successfully exploits these vulnerabilities might be able to run code with Local System rights on an affected computer, or could cause RPCSS to stop working. The attacker could then take any action on the computer, including installing programs, viewing, changing, or deleting data, or creating new accounts with full rights.

To exploit these vulnerabilities, an attacker could create an exploit program to send a malformed RPC message that targets RPCSS on a vulnerable server.

Download:

Windows 2003 32-bit

Windows 2003 64-bit

Windows XP 32-bit

Windows XP 64-bit 2002 Edition

Windows XP 64-bit 2003 Edition

Windows 2000 SP2, SP3, SP4

Windows NT 4.0 Workstation

Windows NT 4.0 Server

Windows NT 4.0 Terminal Server

Source:

MSKB824146

Link to comment
https://www.neowin.net/forum/topic/99886-ms03-039-buffer-overrun-in-rpcss-flaw/
Share on other sites

Microsoft Security Bulletin MS03-039 Print

Buffer Overrun In RPCSS Service Could Allow Code Execution (824146)

Originally posted: September 10, 2003

Summary

Who should read this bulletin: Users running Microsoft ? Windows ?

Impact of vulnerability: Run code of attacker?s choice

Maximum Severity Rating: Critical

Recommendation: System administrators should apply the security patch immediately

End User Bulletin:

An end user version of this bulletin is available at:

http://www.microsoft.com/security/security...ns/ms03-039.asp.

Protect your PC:

Additional information on how you can help protect your PC is available at the following locations:

End Users can visit http://www.microsoft.com/protect

IT Professionals can visit http://www.microsoft.com/technet/security/...ps/pcprotec.asp

Affected Software:

Microsoft Windows NT Workstation 4.0

Microsoft Windows NT Server? 4.0

Microsoft Windows NT Server 4.0, Terminal Server Edition

Microsoft Windows 2000

Microsoft Windows XP

Microsoft Windows Server 2003

Not Affected Software:

Microsoft Windows Millennium Edition

Patch availability

Download locations for this patch

Windows NT Workstation

Windows NT Server 4.0

Windows NT Server 4.0, Terminal Server Edition

Windows 2000

Windows XP

Windows XP 64 bit Edition

Windows XP 64 bit Edition Version 2003

Windows Server 2003

Windows Server 2003 64 bit Edition

http://www.microsoft.com/technet/treeview/...in/MS03-039.asp

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Sounds creepy to say the least. Don't need nor want AI having access to my history. They're claiming it to be an "offline" model now, but how can we guarantee they don't go behind our backs and change that?
    • Exactly! Without those fundamentals you've mentioned, Democracy is literally just Demonstration of Crazy, nothing to be proud of in such system.
    • Still I see almost no ads in mobile Edge unlike Chrome. So their browser is much better at blocking ads than Chrome and it is a fact. It even blocks ads on YouTube and you can add simple custom block filters. Also, Edge still support manifest v2 on desktop, so I'll look for another browser when I start seeing ads again.
    • Considering they consistently release a new version every year, I think it makes perfect sense. There is a minor pain point at the time of the change, so as long as they only change it once, we get over it and end up in a better place. The issue with MS' naming scheme is that they change their mind so frequently. 3.1, 95, 98, ME, 2000, XP, Vista, 7, 8, 8.1 10, there is no consistency. That was the issue, not the choice of naming the OS after the year. Minor correction: Windows 7 was 6.1. Even Windows 10 was version 6.4 at launch, but they retroactively changed it to 10.0 early on, along with an announcement that they would no longer track the kerel version and OS version separately...then proceeded to call Windows 11 version 10.0.2, so yeah, MS sucks at naming.
    • I don't think there is any problem with the two-digit number. Even if someone didn't understand the meaning, 26 > 18, so they will still understand at a glance that it is a newer version. The only downside I see is someone assuming 18 is a MUCH older than 26, but IMO, that confusion really isn't a big issue. The truth is that the majority of software companies use the 2-digit number; Microsoft is the outlier, and even they used 2-digit numbers in the past.
  • Recent Achievements

    • First Post
      viraltui earned a badge
      First Post
    • Reacting Well
      viraltui earned a badge
      Reacting Well
    • Week One Done
      LunaFerret earned a badge
      Week One Done
    • Week One Done
      Ricky Chan earned a badge
      Week One Done
    • Week One Done
      maimutza earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      481
    2. 2
      +FloatingFatMan
      264
    3. 3
      snowy owl
      238
    4. 4
      ATLien_0
      230
    5. 5
      Edouard
      176
  • Tell a friend

    Love Neowin? Tell a friend!