Jerry Bryant [MSFT]
December 14th 03, 08:38 AM
Title: Buffer Overrun In RPC Interface Could Allow Code Execution (823980)
Updated Date: July 18, 2003
Software: Microsoft Windows NTŪ 4.0
Microsoft Windows NT 4.0 Terminal Services Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows ServerT 2003
Impact: Run code of attacker's choice
Maximum Severity Rating: Critical
Bulletin: MS02-026
Update 07/18/2003:
Microsoft originally released this bulletin and patch on July 16, 2003 to
correct a security vulnerability in a Windows Distributed Component Object
Model (DCOM) Remote Procedure Call (RPC) interface. The patch was and still
is effective in eliminating the security vulnerability. However, the
"mitigating factors" and "workarounds" discussions in the original security
bulletin did not clearly identify all of the ports by which the
vulnerability could potentially be exploited. We have updated this bulletin
to more clearly enumerate the ports over which RPC services can be invoked,
and to ensure that customers who have chosen to implement a workaround
before installing the patch have the information that they need to protect
their systems. Customers who have already installed the patch are protected
from attempts to exploit this vulnerability, and need take no further
action.
Customers are advised to review the bulletin for additional information.
The Microsoft Security Response Center has released Microsoft Security
Bulletin MS03-026
What Is It?
The Microsoft Security Response Center has released Microsoft Security
Bulletin MS03-026 which concerns a vulnerability in Microsoft Windows.
Customers are advised to review the information in the bulletin, test and
deploy the patch immediately in their environments, if applicable.
More information is now available at
http://www.microsoft.com/technet/security/bulletin/MS03-026.asp
If you have any questions regarding the patch or its implementation after
reading the above listed bulletin you should contact Product Support
Services in the United States at 1-866-PCSafety (1-866-727-2338).
International customers should contact their local subsidiary.
--
Regards,
Jerry Bryant - MCSE, MCDBA
Microsoft IT Communities
Get Secure! www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
"Jerry Bryant [MSFT]" > wrote in message
...
> Title: Buffer Overrun In RPC Interface Could Allow Code Execution
> (823980)
> Date: July 16, 2003
> Software: Microsoft Windows NT(r) 4.0
> Microsoft Windows NT 4.0 Terminal Services Edition Microsoft Windows 2000
> Microsoft Windows XP Microsoft Windows Server(tm) 2003
> Impact: Run code of attacker's choice
> Maximum Severity Rating: Critical
> Bulletin: MS02-026
>
> The Microsoft Security Response Center has released Microsoft Security
> Bulletin MS03-026
>
> What Is It?
> The Microsoft Security Response Center has released Microsoft Security
> Bulletin MS03-026 which concerns a vulnerability in Microsoft Windows.
> Customers are advised to review the information in the bulletin, test and
> deploy the patch immediately in their environments, if applicable.
>
> More information is now available at
> http://www.microsoft.com/technet/security/bulletin/MS03-026.asp
>
> If you have any questions regarding the patch or its implementation after
> reading the above listed bulletin you should contact Product Support
> Services in the United States at 1-866-PCSafety (1-866-727-2338).
> International customers should contact their local subsidiary.
>
> --
> Regards,
>
> Jerry Bryant - MCSE, MCDBA
> Microsoft IT Communities
>
> Get Secure! www.microsoft.com/security
>
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
>
Updated Date: July 18, 2003
Software: Microsoft Windows NTŪ 4.0
Microsoft Windows NT 4.0 Terminal Services Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows ServerT 2003
Impact: Run code of attacker's choice
Maximum Severity Rating: Critical
Bulletin: MS02-026
Update 07/18/2003:
Microsoft originally released this bulletin and patch on July 16, 2003 to
correct a security vulnerability in a Windows Distributed Component Object
Model (DCOM) Remote Procedure Call (RPC) interface. The patch was and still
is effective in eliminating the security vulnerability. However, the
"mitigating factors" and "workarounds" discussions in the original security
bulletin did not clearly identify all of the ports by which the
vulnerability could potentially be exploited. We have updated this bulletin
to more clearly enumerate the ports over which RPC services can be invoked,
and to ensure that customers who have chosen to implement a workaround
before installing the patch have the information that they need to protect
their systems. Customers who have already installed the patch are protected
from attempts to exploit this vulnerability, and need take no further
action.
Customers are advised to review the bulletin for additional information.
The Microsoft Security Response Center has released Microsoft Security
Bulletin MS03-026
What Is It?
The Microsoft Security Response Center has released Microsoft Security
Bulletin MS03-026 which concerns a vulnerability in Microsoft Windows.
Customers are advised to review the information in the bulletin, test and
deploy the patch immediately in their environments, if applicable.
More information is now available at
http://www.microsoft.com/technet/security/bulletin/MS03-026.asp
If you have any questions regarding the patch or its implementation after
reading the above listed bulletin you should contact Product Support
Services in the United States at 1-866-PCSafety (1-866-727-2338).
International customers should contact their local subsidiary.
--
Regards,
Jerry Bryant - MCSE, MCDBA
Microsoft IT Communities
Get Secure! www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
"Jerry Bryant [MSFT]" > wrote in message
...
> Title: Buffer Overrun In RPC Interface Could Allow Code Execution
> (823980)
> Date: July 16, 2003
> Software: Microsoft Windows NT(r) 4.0
> Microsoft Windows NT 4.0 Terminal Services Edition Microsoft Windows 2000
> Microsoft Windows XP Microsoft Windows Server(tm) 2003
> Impact: Run code of attacker's choice
> Maximum Severity Rating: Critical
> Bulletin: MS02-026
>
> The Microsoft Security Response Center has released Microsoft Security
> Bulletin MS03-026
>
> What Is It?
> The Microsoft Security Response Center has released Microsoft Security
> Bulletin MS03-026 which concerns a vulnerability in Microsoft Windows.
> Customers are advised to review the information in the bulletin, test and
> deploy the patch immediately in their environments, if applicable.
>
> More information is now available at
> http://www.microsoft.com/technet/security/bulletin/MS03-026.asp
>
> If you have any questions regarding the patch or its implementation after
> reading the above listed bulletin you should contact Product Support
> Services in the United States at 1-866-PCSafety (1-866-727-2338).
> International customers should contact their local subsidiary.
>
> --
> Regards,
>
> Jerry Bryant - MCSE, MCDBA
> Microsoft IT Communities
>
> Get Secure! www.microsoft.com/security
>
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
>