Back to Forums






PDA

View Full Version : Buffer Overrun In RPCSS Service Could Allow Code Execution (824146)

Reverend
September 10th, 2003, 19:52 PM
There are three identified vulnerabilities in the part of the Windows RPC service (RPCSS) that deals with RPC messages for DCOM activation. Two of the vulnerabilities might allow arbitrary code to be run; one of the vulnerabilities might result in a denial of service. The flaws result from incorrect handling of malformed messages. These vulnerabilities affect the Distributed Component Object Model (DCOM) interface in RPCSS. This interface handles DCOM object activation requests that are sent by client computers to the server.

An attacker who successfully exploits these vulnerabilities might be able to run code with Local System rights on an affected computer, or could cause RPCSS to stop working. The attacker could then take any action on the computer, including installing programs, viewing, changing, or deleting data, or creating new accounts with full rights.

Severity Rating - Critical

:arrow: Download patch: XP (all versions) (http://support.microsoft.com/?kbid=824146#WinXP) | 2000 (all versions) (http://support.microsoft.com/?kbid=824146#Win2000) | Server 2003 (all versions) (http://support.microsoft.com/?kbid=824146#Win2003) | NT 4.0 (all versions) (http://support.microsoft.com/?kbid=824146#WinNT)

:arrow: View: Microsoft Security Bulletin MS03-039 (http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-039.asp)

:arrow: View: Microsoft Knowledge Base Article - 824146 (http://support.microsoft.com/?kbid=824146)
Tinker
September 11th, 2003, 06:54 AM
For a quick check to see if it is installed on your computer...

You may also be able to verify that this security patch is installed by confirming that the following registry key exists:

Windows Server 2003
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP1\KB824146

Windows XP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP1\KB824146

Windows XP with Service Pack 1 (SP1)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP2\KB824146

Windows XP 64-Bit Edition Version 2003
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP1\KB824146

Windows 2000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB824146

Windows NT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB824146


As well you may want to check out Reverend's links because this is where I obtained this information..

Thanks Reverend

:D
Big Booger
September 11th, 2003, 07:26 AM
I installed this on my longhorn test machine. It worked fine. I just had to use compatibility mode.

Thanks
SupaStar
September 11th, 2003, 08:03 AM
Another day, another RPC patch...:p