• Howdy! Welcome to our community of more than 130.000 members devoted to web hosting. This is a great place to get special offers from web hosts and post your own requests or ads. To start posting sign up here. Cheers! /Peo, FreeWebSpace.net
managed wordpress hosting



Microsoft Security Bulletin MS03-039

Buffer Overrun In RPCSS Service Could Allow Code Execution (824146)
Originally posted: September 10, 2003

Who should read this bulletin: Users running Microsoft ® Windows ®

Impact of vulnerability: Three new vulnerabilities, the most serious of which could enable an attacker to run arbitrary code on a user’s system.

Maximum Severity Rating: Critical

Recommendation: System administrators should apply the security patch immediately

End User Bulletin:
An end user version of this bulletin is available at:


Protect your PC:
Additional information on how you can help protect your PC is available at the following locations:

End Users can visit http://www.microsoft.com/protect
IT Professionals can visit http://www.microsoft.com/technet/security/tips/pcprotec.asp
Affected Software:

Microsoft Windows NT Workstation 4.0
Microsoft Windows NT Server® 4.0
Microsoft Windows NT Server 4.0, Terminal Server Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Not Affected Software:
Microsoft Windows Millennium Edition

The fix provided by this patch supersedes the one included in Microsoft Security Bulletin MS03-026 and includes the fix for the security vulnerability discussed in MS03-026, as well as 3 newly discovered vulnerabilities.

Remote Procedure Call (RPC) is a protocol used by the Windows operating system. RPC provides an inter-process communication mechanism that allows a program running on one computer to seamlessly access services on another computer. The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol, but with the addition of some Microsoft specific extensions.

There are three newly identified vulnerabilities in the part of RPCSS Service that deals with RPC messages for DCOM activation— two that could allow arbitrary code execution and one that could result in a denial of service. The flaws result from incorrect handling of malformed messages. These particular vulnerabilities affect the Distributed Component Object Model (DCOM) interface within the RPCSS Service. This interface handles DCOM object activation requests that are sent from one machine to another.

An attacker who successfully exploited these vulnerabilities could be able to run code with Local System privileges on an affected system, or could cause the RPCSS Service to fail. The attacker could then be able to take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges.

To exploit these vulnerabilities, an attacker could create a program to send a malformed RPC message to a vulnerable system targeting the RPCSS Service.

Microsoft has released a tool that can be used to scan a network for the presence of systems which have not had the MS03-039 patch installed. More details on this tool are available in Microsoft Knowledge Base article 827363. This tool supersedes the one provided in Microsoft Knowledge Base article 826369. If the tool provided in Microsoft Knowledge Base Article 826369 is used against a system which has installed the security patch provided with this bulletin, the superseded tool will incorrectly report that the system is missing the patch provided in MS03-026. Microsoft encourages customers to run the latest version of the tool available in Microsoft Knowledge Base article 827363 to determine if their systems are patched.

Windows NT Workstation
Windows NT Server
Windows 2000
Windows XP
Windows Server 2003
Another security flaw in windows.... :rolleyes: <-- does that face look surprised to you?

Boy oh boy, linux is sounding better everyday.
I didn't notice this was a thread on how Linux has less security flaws than Windows Ryan_man.

Thanks Phyxisus.
Sigh. :rolleyes:

Every peice of software has a security flaw. Hell, even the BIOS/firmware can have flaws...
Originally posted by notnamed
I didn't notice this was a thread on how Linux has less security flaws than Windows Ryan_man.

Thanks Phyxisus.
Wow, what is your problem?
Ryan_Man merely stated that Linux sounded like a better alternative than a Mocrosoft product.
He didn't carry the thread off topic at all....
Originally posted by Daniel
Is that a problem? Atleast they're doing something...

Yes, that is a problem. Considering not everyone goes to their update service every day to get the updates, not everyone likes to wait for all updates to be downloaded.

And people like me who sysadmin at companies hate it totally, another patch to roll out.

Well, i dont think its to good, but hey thats me.
Well, if you don't like it, don't use windows. All I can say.

I use windows, but for CompSci I need to learn Solaris, and am looking forward to it. I like windows fine, but I am interested to try something different. If I like it, I may end installing some sort of *nix at home. I don't know why I am saying this though.

Anyways, thanks for the heads up Ph**ius (I don't care to learn how it is spelled, no offence).
Compare the amount of users using Windows and Linux and you get the idea why hackers and script-kiddies target Microsoft. Just a mild explanation though. :)