MS03-039 Buffer Overrun in RPCSS Flaw


Recommended Posts

MS03-039: A Buffer Overrun in RPCSS May Allow Code Execution

Q824146

Affected Software:

Microsoft Windows Server 2003, 64-Bit Enterprise Edition

Microsoft Windows Server 2003, 64-Bit Datacenter Edition

Microsoft Windows Server 2003, Enterprise Edition

Microsoft Windows Server 2003, Standard Edition

Microsoft Windows Server 2003, Web Edition

Microsoft Windows XP Professional

Microsoft Windows XP Home Edition

Microsoft Windows XP Media Center Edition

Microsoft Windows XP Tablet PC Edition

Microsoft Windows 2000 Advanced Server

Microsoft Windows 2000 Professional

Microsoft Windows 2000 Server

Microsoft Windows 2000 Datacenter Server

Microsoft Windows NT Server 4.0

Microsoft Windows NT Server 4.0 Terminal Server Edition

Microsoft Windows NT Workstation 4.0

Remote Procedure Call (RPC) is a protocol that is used by Windows. RPC provides an inter-process communication mechanism that allows a program that is running on one computer to seamlessly access services on another computer. The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol, but with the addition of some Microsoft-specific extensions.

There are three identified vulnerabilities in the part of the Windows RPC service (RPCSS) that deals with RPC messages for DCOM activation. Two of the vulnerabilities might allow arbitrary code to be run; one of the vulnerabilities might result in a denial of service. The flaws result from incorrect handling of malformed messages. These vulnerabilities affect the Distributed Component Object Model (DCOM) interface in RPCSS. This interface handles DCOM object activation requests that are sent by client computers to the server.

An attacker who successfully exploits these vulnerabilities might be able to run code with Local System rights on an affected computer, or could cause RPCSS to stop working. The attacker could then take any action on the computer, including installing programs, viewing, changing, or deleting data, or creating new accounts with full rights.

To exploit these vulnerabilities, an attacker could create an exploit program to send a malformed RPC message that targets RPCSS on a vulnerable server.

Download:

Windows 2003 32-bit

Windows 2003 64-bit

Windows XP 32-bit

Windows XP 64-bit 2002 Edition

Windows XP 64-bit 2003 Edition

Windows 2000 SP2, SP3, SP4

Windows NT 4.0 Workstation

Windows NT 4.0 Server

Windows NT 4.0 Terminal Server

Source:

MSKB824146

Link to comment
https://www.neowin.net/forum/topic/99886-ms03-039-buffer-overrun-in-rpcss-flaw/
Share on other sites

Microsoft Security Bulletin MS03-039 Print

Buffer Overrun In RPCSS Service Could Allow Code Execution (824146)

Originally posted: September 10, 2003

Summary

Who should read this bulletin: Users running Microsoft ? Windows ?

Impact of vulnerability: Run code of attacker?s choice

Maximum Severity Rating: Critical

Recommendation: System administrators should apply the security patch immediately

End User Bulletin:

An end user version of this bulletin is available at:

http://www.microsoft.com/security/security...ns/ms03-039.asp.

Protect your PC:

Additional information on how you can help protect your PC is available at the following locations:

End Users can visit http://www.microsoft.com/protect

IT Professionals can visit http://www.microsoft.com/technet/security/...ps/pcprotec.asp

Affected Software:

Microsoft Windows NT Workstation 4.0

Microsoft Windows NT Server? 4.0

Microsoft Windows NT Server 4.0, Terminal Server Edition

Microsoft Windows 2000

Microsoft Windows XP

Microsoft Windows Server 2003

Not Affected Software:

Microsoft Windows Millennium Edition

Patch availability

Download locations for this patch

Windows NT Workstation

Windows NT Server 4.0

Windows NT Server 4.0, Terminal Server Edition

Windows 2000

Windows XP

Windows XP 64 bit Edition

Windows XP 64 bit Edition Version 2003

Windows Server 2003

Windows Server 2003 64 bit Edition

http://www.microsoft.com/technet/treeview/...in/MS03-039.asp

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • I was going to say that search engines and such, have been scraping everyone's copyright, IP and data, since the beginning of the internet.
    • Microsoft is officially making the Xbox app on PC a universal launcher by Pulasthi Ariyasinghe It was earlier this year that an image mockup from Microsoft showed the Xbox app on PC with an interesting change: including support for other PC stores on the app, teasing that it may be becoming a universal launcher like GOG Galaxy or Playnite. Considering the company's new handheld initiative that will house a brand-new gaming-focused version of Windows, it was clear that this feature was on the way. And now, Xbox Insiders have access. Announced today as the 'aggregated gaming library' feature, it's poised to land this holiday on the ROG Xbox Ally and ROG Xbox Ally X to easily manage all their installed games from a single place. But before that, Xbox Insiders on PC can have a crack at it to see how it functions and provide feedback to Microsoft. In its current state, Microsoft says that the feature now supports Xbox, Game Pass, Battle.net, and "other leading PC storefronts," all handled via the Xbox PC app. The company did not detail what these other storefronts are, but Steam, Epic Games Store, Ubisoft Connect, and EA Play apps seem likely candidates. "Whether you’re on a Windows PC or a handheld device, your Xbox library, hundreds of Game Pass titles, and all your installed games from leading PC storefronts will now be at your fingertips," said the company. When a game from a supported store is installed on a PC, Insiders should now see it appear on the Xbox app in the My Library and Most Recent sections for easy access. "And this is just the beginning," adds Microsoft. "We’ll continue rolling out support for additional PC storefronts over time." Insiders can also disable this functionality and hide games from specific stores if needed from the Settings > Library & Extensions menu. Anyone interested in testing out the new 'aggregated gaming library' update can use the Xbox Insider app on PC to enroll in the ongoing Insider Previews.
    • Get this powerful mini PC with Core Ultra 9, 32GB RAM, and 1TB SSD for just $799 by Taras Buria The ASUS NUC 14 Pro+ is a powerful mini PC with capable hardware, and right now, you can get it on Amazon with a big discount. At just $799, this computer offers a Core Ultra 9 processor, 32GB of memory, and a 1TB SSD. The NUC 14 Pro+ features a low-profile aluminum chassis, which can be opened without removing rubber feet or undoing any screws. Its toolless design lets you access the storage without a screwdriver. The computer also has a rich set of ports. On the front side, you will find two USB 3.2 Gen 2 Type-C, one USB 3.2 Gen 2x2 Type-C, and a power button. Unlike the Mac mini, which has a frustrating power button placement, the power button in the NUC 14 Pro+ is located where it should be. The back of the NUC 14 Pro+ has a DC-in port, two Thunderbolt 4 ports, one 2.5G Ethernet port, one USB 3.2 Gen2 Type-A, one USB 2.0 Type-A, two HDMI 2.1, and a Kensington lock. Finally, there is a VESA mount, which lets you place the device on the back of your monitor for a cleaner desk. The computer is powered by Intel's 14th-gen Core Ultra 9 185H processor, 32GB of DDR5 memory, and a 1TB PCIe Gen4 NVMe SSD. Windows 11 Home is preinstalled, so you do not need to bring your own drive, memory, or Windows 11 license. ASUS NUC 14 Pro+ Core Ultra 9 185H, 32GB RAM, 1TB SSD - $799.99 | 27% off on Amazon US This Amazon deal is US-specific and not available in other regions unless specified. If you don't like it or want to look at more options, check out the Amazon US deals page here. Get Prime (SNAP), Prime Video, Audible Plus or Kindle / Music Unlimited. Free for 30 days. As an Amazon Associate, we earn from qualifying purchases.
    • This guy is just salty that Waymo is about to get buried by a company with cars that cost significantly less, charge significantly lower fares, and will soon dramatically outnumber their fleet. Waymo made the mistake of not reducing their vehicle cost quick enough and not overcoming their route limitations. Unless they start allowing their cars to use the freeways and have significantly wider geofencing, they're going to soon join the list of discontinued Google products. If Tesla wasn't the one to make them irrelevant, somebody else soon was. There's a long list of companies designing robotaxis right now.
    • LOL. Hard to believe people still fall for this. If you are having some sort of issue, I would work on fixing that instead turning off these settings.
  • Recent Achievements

    • Week One Done
      fredss earned a badge
      Week One Done
    • Dedicated
      fabioc earned a badge
      Dedicated
    • One Month Later
      GoForma earned a badge
      One Month Later
    • Week One Done
      GoForma earned a badge
      Week One Done
    • Week One Done
      ravenmanNE earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      651
    2. 2
      Michael Scrip
      226
    3. 3
      ATLien_0
      218
    4. 4
      +FloatingFatMan
      146
    5. 5
      Xenon
      137
  • Tell a friend

    Love Neowin? Tell a friend!