[THIN] Re: Security Alert: Microsoft Security Bulletin - MS03-039

  • From: "Joe Fojut" <Fojut.Joseph@xxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Wed, 10 Sep 2003 14:34:13 -0500

Does anyone know where I can download this patch?  The article only
references windows update and doesn't point to a download site.

Thanks,
Joe

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Chris Lynch
Sent: Wednesday, September 10, 2003 2:05 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Security Alert: Microsoft Security Bulletin - MS03-039

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I use HFNETCHKPro heavily.  I love the product, and recommend it to anyone.

Chris 

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Mike Bollman
Sent: Wednesday, September 10, 2003 11:46 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Security Alert: Microsoft Security Bulletin - MS03-039

On a related note, what is everyone using for patch management deployment
and what do you think of it?

Configuresoft
HFNETCheckPro
Bigfix
SUS
Ecora Patchmanager
Patchlink Update
St. Bernard Update expert
Others???

Mike Bollman
Network Engineer
Enterprise Products
mbollman@xxxxxxxxx


-----Original Message-----
From: Jim Kenzig http://thethin.net [mailto:jimkenz@xxxxxxxxxxxxxx]
Sent: Wednesday, September 10, 2003 1:27 PM
To: thin@xxxxxxxxxxxxx; windows2000@xxxxxxxxxxxxx
Subject: [THIN] Security Alert: Microsoft Security Bulletin - MS03-039


From Bugtraq. Get patching!
JK

Subject: Alert: Microsoft Security Bulletin - MS03-039


http://www.microsoft.com/technet/security/bulletin/MS03-039.asp

Buffer Overrun In RPCSS Service Could Allow Code Execution (824146)

Originally posted: September 10, 2003

Summary

Who should read this bulletin: Users running Microsoft (r) Windows (r)

Impact of vulnerability: Run code of attacker's choice

Maximum Severity Rating: Critical

Recommendation: System administrators should apply the security patch
immediately

End User Bulletin:
An end user version of this bulletin is available at:

http://www.microsoft.com/security/security_bulletins/ms03-039.asp.

Protect your PC:
Additional information on how you can help protect your PC is available
at the following locations:
- End Users can visit http://www.microsoft.com/protect
- IT Professionals can visit http://www.microsoft.com/technet/security/tips/pcprotec.asp

Affected Software:
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Server(r) 4.0
- Microsoft Windows NT Server 4.0, Terminal Server Edition
- Microsoft Windows 2000
- Microsoft Windows XP
- Microsoft Windows Server 2003

Not Affected Software:
- Microsoft Windows Millennium Edition

Technical description:

The fix provided by this patch supersedes the one included in Microsoft
Security Bulletin MS03-026.

Remote Procedure Call (RPC) is a protocol used by the Windows operating
system. RPC provides an inter-process communication mechanism that
allows a program running on one computer to seamlessly access services
on another computer. The protocol itself is derived from the Open
Software Foundation (OSF) RPC protocol, but with the addition of some
Microsoft specific extensions.

There are three identified vulnerabilities in the part of RPCSS Service
that deals with RPC messages for DCOM activation- two that could allow
arbitrary code execution and one that could result in a denial of
service. The flaws result from incorrect handling of malformed messages.
These particular vulnerabilities affect the Distributed Component Object
Model (DCOM) interface within the RPCSS Service. This interface handles
DCOM object activation requests that are sent from one machine to
another.

An attacker who successfully exploited these vulnerabilities could be
able to run code with Local System privileges on an affected system, or
could cause the RPCSS Service to fail. The attacker could then be able
to take any action on the system, including installing programs,
viewing, changing or deleting data, or creating new accounts with full
privileges.

To exploit these vulnerabilities, an attacker could create a program to
send a malformed RPC message to a vulnerable system targeting the RPCSS
Service.

Microsoft has released a tool that can be used to scan a network for the
presence of systems which have not had the MS03-039 patch installed.
More details on this tool are available in Microsoft Knowledge Base
article 827363. This tool supersedes the one provided in Microsoft
Knowledge Base article 826369. If the tool provided in Microsoft
Knowledge Base Article 826369 is used against a system which has
installed the security patch provided with this bulletin, the superseded
tool will incorrectly report that the system is missing the patch
provided in MS03-026. Microsoft encourages customers to run the latest
version of the tool available in Microsoft Knowledge Base article 827363
to determine if their systems are patched.

Mitigating factors:
- Firewall best practices and standard default firewall configurations
can help protect networks from remote attacks originating outside of the
enterprise perimeter. Best practices recommend blocking all ports that
are not actually being used. For this reason, most systems attached to
the Internet should have a minimal number of the affected ports exposed.

For more information about the ports used by RPC, visit the following
Microsoft Web site:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/tcpip/part4/tcpappc.asp

Vulnerability identifier:
Buffer Overrun: CAN-2003-0715

Buffer Overrun: CAN-2003-0528

Denial of Service: CAN-2003-0605


********************************************************
This Week's Sponsor:  ThinPrint
http://www.thinprint.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
Comment: Public PGP key for Chris Lynch

iQA/AwUBP191129fg+xq5T3MEQLKQgCeKrg3wlGAEWyMOBze86d6Q/w0TwIAnjaA
edQsR5eCdiyNTBOg+p9XSpBo
=zZw8
-----END PGP SIGNATURE-----

