General discussion

Locked

Updated Windows RPC patch

By Joseph Moore ·
Microsoft just issued Microsoft Security Bulletin MS03-039 Buffer Overrun In RPCSS Service Could Allow Code Execution (824146)

This is an updated patch version for Microsoft Security Bulletin MS03-026, which is the patch for the vulnerability that the Blaster worm (and it variants) exploited.

This new article states that there are 3 vulnerabilities in the way RPC works with DCOM: 2 buffer overflows and 1 DoS.

Here is a link to the Technet article:
http://www.microsoft.com/technet/security/bulletin/MS03-039.asp
(please remove any spaces)

The article says that, "The fix provided by this patch supersedes the one included in Microsoft Security Bulletin MS03-026."

Great! So to me, this means that all machines that were patched before need to be patched again with this new patch!

I think I will just sit in the corner and cry for a while....

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

FT PA

by Jellimonsta In reply to Updated Windows RPC patch

Full Time Patch Analyst!

Collapse -

EEYE's bulletin just came thru

by LordInfidel In reply to Updated Windows RPC patch

While MS bundled it with the other patch.

This is actually a different exploit all together.

"By sending a malformed request packet it is possible to overwrite various
heap structures and allow the execution of arbitrary code."

Read the technical review at
http://www.eeye.com/html/Research/Advisories/AD20030910.html

Or if you are part of bugtraq, it should be on it's way.

Collapse -

I just want to cry...

by Joseph Moore In reply to EEYE's bulletin just came ...

Really, I am exhausted thinking about this.
The Office patch from Friday, as well as that NetBIOS patch (where you can get random data by sending a malformed NetBIOS packet), and now I need to re-patch for the RPC/DCOM vulnerability!!!

I just can't take it anymore!!!!!
AAAAARRGH!!!

Collapse -

The netbios patch

by LordInfidel In reply to I just want to cry...

I really did not consider it "exploitable". It is such a random bit of information that you can retrieve out of memory. And you can't direct it to find a certain piece.

So whatever it returns it returns, like a roullete.

The DCOM crap, that was too be expected. But as long as the badland gang of ports are blocked (135-139 and 445) Not much harm can be done there.

So I would wait to install them on prod servers that are dmz'd and are locked down port wise.

Unfortunately, one of my pvt clients has a web farm that is totally exposed. So I had to risk installing it on their servers. (have not had time to rearchitect their network, it's still 4-6 months away)

So far so good. I tested the patch though on my "******* kill me" sacrificial lamb server. And it did not break anything. At least the server came back up after the reboot and worked.

Collapse -

Waiting for Bugtraq digest

by Joseph Moore In reply to EEYE's bulletin just came ...

I get Bugtraq in digest form, and I am still waiting for it.

So, I guess I will sit and cry and whimper while waiting for the e-mail....

Collapse -

Sounds like

by Oz_Media In reply to Updated Windows RPC patch

This is just ANOTHER reason why MS is such a useless company. Most companies that spread themselves too thin will end up in bankruptcy. With MS they just keep getting wider and thinner, all the time growing bigger and bigger. It's like Cancer except people don't die, businesses and livlihoods do. Not to mention losing ones sanity.

Joseph, you're not alone on this one. Unfortunately, the rest of the world has decided to make Bill Gates and Microsoft one of the most successful companies of the 20th century. With ANY luck, someone will do better in this century.
What has MS done since 2000? Ok.....what GOOD have they done in the 21st century? I don't want to hear about how kind old BG is donating a miniscule amount of his billions to charity as a tax write-off. What has Microsoft done since 2000 that has made the world or world of computing a better place?

Too bad they didn't nail him for stealing Windoze in the first place and just lock him up.

Collapse -

by djent In reply to Updated Windows RPC patch

So much for "security is our number one priority" it's an oxymoron, like "compassionate conservitism".

Back to Security Forum
7 total posts (Page 1 of 1)  

Related Discussions

Related Forums