General discussion

  • Creator
  • #2316219

    Updated Windows RPC patch


    by joseph moore ·

    Microsoft just issued Microsoft Security Bulletin MS03-039 Buffer Overrun In RPCSS Service Could Allow Code Execution (824146)

    This is an updated patch version for Microsoft Security Bulletin MS03-026, which is the patch for the vulnerability that the Blaster worm (and it variants) exploited.

    This new article states that there are 3 vulnerabilities in the way RPC works with DCOM: 2 buffer overflows and 1 DoS.

    Here is a link to the Technet article:
    (please remove any spaces)

    The article says that, “The fix provided by this patch supersedes the one included in Microsoft Security Bulletin MS03-026.”

    Great! So to me, this means that all machines that were patched before need to be patched again with this new patch!

    I think I will just sit in the corner and cry for a while….

All Comments

  • Author
    • #3380261

      FT PA

      by jellimonsta ·

      In reply to Updated Windows RPC patch

      Full Time Patch Analyst!

    • #3380232

      EEYE’s bulletin just came thru

      by lordinfidel ·

      In reply to Updated Windows RPC patch

      While MS bundled it with the other patch.

      This is actually a different exploit all together.

      “By sending a malformed request packet it is possible to overwrite various
      heap structures and allow the execution of arbitrary code.”

      Read the technical review at

      Or if you are part of bugtraq, it should be on it’s way.

      • #3380225

        I just want to cry…

        by joseph moore ·

        In reply to EEYE’s bulletin just came thru

        Really, I am exhausted thinking about this.
        The Office patch from Friday, as well as that NetBIOS patch (where you can get random data by sending a malformed NetBIOS packet), and now I need to re-patch for the RPC/DCOM vulnerability!!!

        I just can’t take it anymore!!!!!

        • #3380159

          The netbios patch

          by lordinfidel ·

          In reply to I just want to cry…

          I really did not consider it “exploitable”. It is such a random bit of information that you can retrieve out of memory. And you can’t direct it to find a certain piece.

          So whatever it returns it returns, like a roullete.

          The DCOM crap, that was too be expected. But as long as the badland gang of ports are blocked (135-139 and 445) Not much harm can be done there.

          So I would wait to install them on prod servers that are dmz’d and are locked down port wise.

          Unfortunately, one of my pvt clients has a web farm that is totally exposed. So I had to risk installing it on their servers. (have not had time to rearchitect their network, it’s still 4-6 months away)

          So far so good. I tested the patch though on my “bastard kill me” sacrificial lamb server. And it did not break anything. At least the server came back up after the reboot and worked.

      • #3380224

        Waiting for Bugtraq digest

        by joseph moore ·

        In reply to EEYE’s bulletin just came thru

        I get Bugtraq in digest form, and I am still waiting for it.

        So, I guess I will sit and cry and whimper while waiting for the e-mail….

    • #3380215

      Sounds like

      by oz_media ·

      In reply to Updated Windows RPC patch

      This is just ANOTHER reason why MS is such a useless company. Most companies that spread themselves too thin will end up in bankruptcy. With MS they just keep getting wider and thinner, all the time growing bigger and bigger. It’s like Cancer except people don’t die, businesses and livlihoods do. Not to mention losing ones sanity.

      Joseph, you’re not alone on this one. Unfortunately, the rest of the world has decided to make Bill Gates and Microsoft one of the most successful companies of the 20th century. With ANY luck, someone will do better in this century.
      What has MS done since 2000? Ok…..what GOOD have they done in the 21st century? I don’t want to hear about how kind old BG is donating a miniscule amount of his billions to charity as a tax write-off. What has Microsoft done since 2000 that has made the world or world of computing a better place?

      Too bad they didn’t nail him for stealing Windoze in the first place and just lock him up.

    • #2743596

      Reply To: Updated Windows RPC patch

      by djent ·

      In reply to Updated Windows RPC patch

      So much for “security is our number one priority” it’s an oxymoron, like “compassionate conservitism”.

Viewing 3 reply threads