Microsoft Fixes ‘Critical’ RPCSS Flaw

Microsoft on Wednesday warned of three newly
discovered vulnerabilities in its RPCSS service that could let an attacker
run harmful code on affected systems. The secur
ity alert
carries a ‘critical’ rating.

Microsoft issued a patch for the latest buffer overrun flaw, noting that
the fix supersedes one issued last month for the RPC DCOM vulnerability that
led to the MSBlaster worm
attack
.

Affected software include Windows NT Workstation 4.0; Windows NT Server
4.0; Windows NT Server 4.0, Terminal Server Edition; Windows 2000; Windows
XP and Windows Server 2003.

It is the second time a major security hole has been fixed in the new
Windows Server 2003 product.

The company said the three identified flaws were found in the part of
RPCSS Service that deals with RPC messages for DCOM activation. Two of the
vulnerabilities could allow arbitrary code execution and one could cause a
denial of service scenario.

“The flaws result from incorrect handling of malformed messages. These
particular vulnerabilities affect the Distributed Component Object Model
(DCOM) interface within the RPCSS Service. This interface handles DCOM
object activation requests that are sent from one machine to another,”
according to the Microsoft advisory.

It warned that a successful attack scenario would let an intruder run
code with Local System privileges on an affected system, or could cause the
RPCSS Service to fail. “The attacker could then be able to take any action
on the system, including installing programs, viewing, changing or deleting
data, or creating new accounts with full privileges.”

News Around the Web