[janekman]

Viga on samamoodi kasutatav kui MS03-026 viga, mida kasutas
Nachi|Welchi uss, mis meile paraja peavalu tekitas. Arvata võib, et
järglane on peagi valmis meisterdatud ja levimas. Rahvas, paigake
usinalt arvuteid!


-----BEGIN PGP SIGNED MESSAGE-----

- - -----------------------------------------------------------------
Title: Buffer Overrun In RPCSS Service Could Allow Code
Execution (824146)
Date: September 10, 2003
Software: Microsoft Windows NT Workstation 4.0
Microsoft Windows NT Server(r) 4.0
Microsoft Windows NT Server 4.0, Terminal Server
Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Impact: Run code of attacker's choice
Max Risk: Critical
Bulletin: MS03-039

Microsoft encourages customers to review the Security Bulletins
at:

http://www.microsoft.com/technet/security/bulletin/MS03-039.asp
http://www.microsoft.com/security/security_bulletins/MS03-039.asp


Issue:
======

The fix provided by this patch supersedes the one included in
Microsoft Security Bulletin MS03-026.

Remote Procedure Call (RPC) is a protocol used by the Windows
operating system. RPC provides an inter-process communication
mechanism that allows a program running on one computer to seamlessly
access services on another computer. The protocol itself is derived
from the Open Software Foundation (OSF) RPC protocol, but with the
addition of some Microsoft specific extensions.

There are three identified vulnerabilities in the part of RPCSS
Service that deals with RPC messages for DCOM activation- two that
could allow arbitrary code execution and one that could result in a
denial of service. The flaws result from incorrect handling of
malformed messages. These particular vulnerabilities affect the
Distributed Component Object Model (DCOM) interface within the RPCSS
Service. This interface handles DCOM object activation requests that
are sent from one machine to another.

An attacker who successfully exploited these vulnerabilities could be
able to run code with Local System privileges on an affected system,
or could cause the RPCSS Service to fail. The attacker could then be
able to take any action on the system, including installing programs,
viewing, changing or deleting data, or creating new accounts with full
privileges.

To exploit these vulnerabilities, an attacker could create a program
to send a malformed RPC message to a vulnerable system targeting the
RPCSS Service.

Microsoft has released a tool that can be used to scan a network for
the presence of systems which have not had the MS03-039 patch
installed. More details on this tool are available in Microsoft
Knowledge Base article 827363. This tool supersedes the one provided
in Microsoft Knowledge Base article 826369. If the tool provided in
Microsoft Knowledge Base Article 826369 is used against a system which
has installed the security patch provided with this bulletin, the
superseded tool will incorrectly report that the system is missing the
patch provided in MS03-026. Microsoft encourages customers to run the
latest version of the tool available in Microsoft Knowledge Base
article 827363 to determine if their systems are patched.


Mitigating Factors:
====================
- Firewall best practices and standard default firewall
configurations can help protect networks from remote attacks
originating outside of the enterprise perimeter. Best practices
recommend blocking all ports that are not actually being used. For
this reason, most systems attached to the Internet should have a
minimal number of the affected ports exposed.

Risk Rating:
============
- Critical

Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the
Security Bulletins at

http://www.microsoft.com/technet/security/bulletin/MS03-039.asp
http://www.microsoft.com/security/security_bulletins/MS03-039.asp

for information on obtaining this patch.

Acknowledgment:
===============
- eEye Digital Security (http://www.eeye.com/html)
- NSFOCUS Security Team (http://www.nsfocus.com)
- Xue Yong Zhi and Renaud Deraison from Tenable Network Security
(http://www.tenablesecurity.com)

for reporting the buffer overrun vulnerabilities and working with us
to protect customers.
- - -----------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----

[none]

ojah jälle see vana hea RPC...
saad patchid peale ja tuleb välja, et auku ei pandud kinni vaid nihutati
2mm paremale ja nihutamise käigus venis veel suuremaks kah