Apparently if I am running Server 2000 I don't have to worry about this. Is this a correct assumption?
Thanks
Dan
On Thursday, September 11, 2003, at 11:02 AM, Scott Fosseen wrote:
_____________________________________________________________________ Scott Fosseen - Systems Engineer -Prairie Lakes AEA http://fosseen.us/scott _____________________________________________________________________ "Everything that can be invented has been invented." - Charles H. Duell, Commissioner, U.S. Office of Patents, 1899. _____________________________________________________________________
----- Original Message -----
From: "Lingren, Dave" <[EMAIL PROTECTED]>
To: "Informational List for the ICN Network" <[EMAIL PROTECTED]>
Sent: Thursday, September 11, 2003 10:24 AM
Subject: FW: Security Alert 2003-16 Buffer Overrun In RPCSS Service
The ITE Security group has released the following bulletin. Please read the
contents of this bulletin and take actions appropriate for your
organization.
Thank you,
Dave Lingren Iowa Communications Network 515-725-4795 Office 515-707-1638 Cell 515-234-2446 Pager
Microsoft Security Bulletin: MS03-039
Buffer Overrun In RPCSS Service Could Allow Code Execution (824146) http://www.microsoft.com/technet/security/bulletin/MS03-039.asp Originally Posted: September 10, 2003
Impact of vulnerability: Run code of attacker's choice
Maximum Severity Rating: Critical
Affected Software: * Microsoft Windows NT Workstation 4.0 * Microsoft Windows NT Server(r) 4.0 * Microsoft Windows NT Server 4.0, Terminal Server Edition * Microsoft Windows 2000 * Microsoft Windows XP * Microsoft Windows Server 2003 Not Affected Software: * Microsoft Windows Millennium Edition
Technical Details:
There are three identified vulnerabilities in the part of RPCSS Service that
deals with RPC messages for DCOM activation- two that could allow arbitrary
code execution and one that could result in a denial of service. The flaws
result from incorrect handling of malformed messages. These particular
vulnerabilities affect the Distributed Component Object Model (DCOM)
interface within the RPCSS Service. This interface handles DCOM object
activation requests that are sent from one machine to another. An attacker
who successfully exploited these vulnerabilities could be able to run code
with Local System privileges on an affected system, or could cause the RPCSS
Service to fail. The attacker could then be able to take any action on the
system, including installing programs, viewing, changing or deleting data,
or creating new accounts with full privileges. To exploit these
vulnerabilities, an attacker could create a program to send a malformed RPC
message to a vulnerable system targeting the RPCSS Service.
Solution: Systems administrators should apply the patch as soon as possible.
NOTE: The fix provided by this patch supersedes the one included in Microsoft Security Bulletin MS03-026.
Microsoft is also planning to host a live discussion regarding this new vulnerability.
TechNet Webcast: Information Regarding Recently Announced RPC/DCOM Security
Update (MS03-039) (KB 824146)
September 12, 2003 - 9:00 A.M. to 10:00 A.M. Pacific Time / 12:00 P.M.
Eastern Time
http://www.microsoft.com/usa/webcasts/upcoming/2373.asp
--- You are currently subscribed to infolist as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] --- [This E-mail scanned for viruses by Declude Virus on the server aea5.k12.ia.us]
---
[This E-mail scanned for viruses by Declude Virus on the server aea8.k12.ia.us]
--------------------------------------------------------- Archived messages from this list can be found at: http://www.mail-archive.com/[EMAIL PROTECTED]/ ---------------------------------------------------------
__________________________ Dan Fluckiger Technology/Business Education Grades 7-12 Southeast Webster Schools Burnside, IA 50521 Ph. 515-359-2235 Fax. 515-359-2236 [EMAIL PROTECTED]
--- [This E-mail scanned for viruses by Declude Virus on the server aea8.k12.ia.us]
--------------------------------------------------------- Archived messages from this list can be found at: http://www.mail-archive.com/[EMAIL PROTECTED]/ ---------------------------------------------------------