Microsoft just issued Microsoft Security Bulletin MS03-039 Buffer Overrun In RPCSS Service Could Allow Code Execution (824146)
This is an updated patch version for Microsoft Security Bulletin MS03-026, which is the patch for the vulnerability that the Blaster worm (and it variants) exploited.
This new article states that there are 3 vulnerabilities in the way RPC works with DCOM: 2 buffer overflows and 1 DoS.
Here is a link to the Technet article:
http://www.microsoft.com/technet/security/bulletin/MS03-039.asp
(please remove any spaces)
The article says that, “The fix provided by this patch supersedes the one included in Microsoft Security Bulletin MS03-026.”
Great! So to me, this means that all machines that were patched before need to be patched again with this new patch!
I think I will just sit in the corner and cry for a while….
