September 11, 2003
Microsoft Security Bulletin MS03-039: Buffer Overrun In RPCSS Service Could Allow Code Execution
Microsoft TechNet issued a CRITICAL update to Windows NT, 2000, XP and Server 2003. Once again, let's get those systems patched.
I'm sure that as we sleep, someone from the Internet "underground" is writing the appropriate virus/app/prog/worm to exploit these vulnerabilities.
NOTE TO READER: Happy consumer, please apply the critical patches from MS on a regular basis. Thank you!
From FAQs @ Microsoft:
Posted by akvalley at September 11, 2003 07:47 AM
What’s the scope of the vulnerability?
There are three different vulnerabilities discussed in this bulletin. The first two are buffer overrun vulnerabilities, while the third is a denial of service vulnerability. An attacker who successfully exploited either of the buffer overrun vulnerabilities could gain complete control over a remote computer. This would give the attacker the ability to take any action that they wanted on the system, including changing Web pages, reformatting the hard disk or adding new users to the local administrators group. An attacker who successfully exploited the denial of service vulnerability could cause the RPC Service to hang and become unresponsive.
To carry out such an attack, an attacker would need to be able to send a malformed message to the RPCSS service and thereby cause the target system to fail in such a way that arbitrary code could be executed.
...
What could these vulnerabilities enable an attacker to do?
An attacker who successfully exploited the buffer overrun vulnerabilities could be able to run code with Local System privileges on an affected system. The attacker could be able to take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges. An attacker who successfully exploited the denial of service vulnerability could cause the RPCSS Service to hang and become unresponsive.
...
Who could exploit these vulnerabilities?
Any user who could deliver a malformed RPC message to the RPCSS Service on an affected system could attempt to exploit these vulnerabilities. Because the RPCSS Service is on by default in all versions of Windows, this in essence means that any user who could establish a connection with an affected system could attempt to exploit these vulnerabilities.