
CRITICAL: Buffer Overrun In RPCSS Service Could Allow Code Execution

  • 10-09-2003 10:58pm
    #1
    Banned (with Prison Access) Posts: 16,659 ✭✭✭✭


    Sigh. Off you go to Windows Update then.
    Microsoft Security Bulletin MS03-039

    Buffer Overrun In RPCSS Service Could Allow Code Execution (824146)

    The fix provided by this patch supersedes the one included in Microsoft Security Bulletin MS03-026 and includes the fix for the security vulnerability discussed in MS03-026, as well as 3 newly discovered vulnerabilities.

    Remote Procedure Call (RPC) is a protocol used by the Windows operating system. RPC provides an inter-process communication mechanism that allows a program running on one computer to seamlessly access services on another computer. The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol, but with the addition of some Microsoft specific extensions.

    There are three newly identified vulnerabilities in the part of RPCSS Service that deals with RPC messages for DCOM activation— two that could allow arbitrary code execution and one that could result in a denial of service. The flaws result from incorrect handling of malformed messages. These particular vulnerabilities affect the Distributed Component Object Model (DCOM) interface within the RPCSS Service. This interface handles DCOM object activation requests that are sent from one machine to another.

    An attacker who successfully exploited these vulnerabilities could be able to run code with Local System privileges on an affected system, or could cause the RPCSS Service to fail. The attacker could then be able to take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges.

    To exploit these vulnerabilities, an attacker could create a program to send a malformed RPC message to a vulnerable system targeting the RPCSS Service.


Comments

  • Registered Users Posts: 2,651 ✭✭✭Spunog UIE


    yeah just got the patch for this today. Nearly on the ball lol. Should probably make a sticky of this, especially after the last fiasco.


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 91,761 Mod ✭✭✭✭Capt'n Midnight


    WINDOWS & IE (note one IE hole is still open)
    http://www.boards.ie/vbulletin/showthread.php?s=&threadid=114704

    Files fixed - ..\system32\ole32.dll, Rpcrt4.dll, rpcss.exe
    All dated 25-28th August (that's another rant)
    Note: there are three different NT patches depending on Server / Workstation / Terminal Server....

    [RANT]The switches in the KB for Windows are wrong! - they just cut/pasted the XP list for the others - if they are sloppy in one place then they are probably sloppy elsewhere..[/RANT]

    XP
    /u = unattended (NT server interprets this as uninstall)
    /z = no reboot

    Win2000
    -u = unattended
    -z = no reboot
    -q = quiet
    -o = overwrite oem without asking

    NT
    -m = unattended
    -z = no reboot
    -q = quiet


    PS. from past experience the auto reboot option has two problems - first it doesn't always close all apps - second it doesn't wait for services to stop.

    ================================

    OFFICE VBA flaws - Office 97 to date most apps...
    and this http://www.boards.ie/vbulletin/showthread.php?s=&threadid=114271

