[Dshield] New Microsoft Windows RPC vulnerability

Micheal Patterson micheal at tsgincorporated.com
Wed Sep 10 17:36:35 GMT 2003


----- Original Message ----- 
From: "Keith Bergen" <keith at keithbergen.com>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Wednesday, September 10, 2003 12:12 PM
Subject: Re: [Dshield] New Microsoft Windows RPC vulnerability


> What exactly is the update? All Microsoft says is that it is
> a security update to a fault that would allow somebody to run
> code. I don't see anything there that explains what exactly
> they are patching.
>
> Keith.
>
> ---- Original message ----
> >Date: Wed, 10 Sep 2003 12:56:10 -0400
> >From: "Johannes B. Ullrich" <jullrich at sans.org>
> >Subject: [Dshield] New Microsoft Windows RPC vulnerability
> >To: list at dshield.org
> >
> >
> >MSFT just released a new bulletin:
> >
> >http://www.microsoft.com/security/security_bulletins/ms03-039.asp
> >
> >Happy patching.
> >
> >(To celebrate this, I will allow a few anti MSFT, pro Linux posts)
> >
> >
> >-- 
> >SANS - Internet Storm Center
> >http://isc.sans.org
> >PGP Key: http://isc.sans.org/jullrich.txt


From the Technical Details of that bulletin:

"There are three identified vulnerabilities in the part of RPCSS Service
that deals with RPC messages for DCOM activation- two that could allow
arbitrary code execution and one that could result in a denial of service.
The flaws result from incorrect handling of malformed messages. These
particular vulnerabilities affect the Distributed Component Object Model
(DCOM) interface within the RPCSS Service. This interface handles DCOM
object activation requests that are sent from one machine to another. "

--

Micheal Patterson
TSG Network Administration
405-917-0600
