Another New Critical Security vulnerability found in MS operating systems!

Question

Another Critical Security flaw found in Microsoft Windows operating systems!

Answer

This question was answered on July 19, 2003. Much of the information contained herein may have changed since posting.

Once again Microsoft users are affected by a new vulnerability that has been found this week.

Microsoft OS's (NT, XP, 2k & 2003 Server) were warned this week of a buffer overrun in the RPC (Remote Procedure Call) interface that may allow malicious code to be executed. RPC is a protocol used by the Windows operating system that provides an inter-process communication

mechanism that allows a program running on one computer to seamlessly execute code on a remote system. The protocol itself is derived from the OSF (Open Software Foundation) RPC protocol, but with the addition of some Microsoft specific extensions.

To exploit this ulnerability, the attacker would require the ability to send a specially crafted request to port 135 on the remote machine. Microsoft encourages all customers to review the Security Bulletins to keep optimal security. The risk is considered ‘critical’ which is the highest security breach they have.

Download locations for this patch:

The patches for all Windows systems are available via:

Windows Update

The complete technical details are posted at the Microsoft web site:

<a href="http://www.microsoft.com/technet/security/bulletin/MS03-026.asp"> http://www.microsoft.com/technet/security/bulletin/MS03-026.asp</a>

Author

Posted by Michal of Data Doctors on July 19, 2003