1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Just when you thought it was safe !#$%

Discussion in 'Windows XP' started by Rollin' Rog, Sep 10, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. Rollin' Rog

    Rollin' Rog Thread Starter

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-039.asp


    Technical description:

    The fix provided by this patch supersedes the one included in Microsoft Security Bulletin MS03-026 and includes the fix for the security vulnerability discussed in MS03-026, as well as 3 newly discovered vulnerabilities.

    Remote Procedure Call (RPC) is a protocol used by the Windows operating system. RPC provides an inter-process communication mechanism that allows a program running on one computer to seamlessly access services on another computer. The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol, but with the addition of some Microsoft specific extensions.

    There are three newly identified vulnerabilities in the part of RPCSS Service that deals with RPC messages for DCOM activation? two that could allow arbitrary code execution and one that could result in a denial of service. The flaws result from incorrect handling of malformed messages. These particular vulnerabilities affect the Distributed Component Object Model (DCOM) interface within the RPCSS Service. This interface handles DCOM object activation requests that are sent from one machine to another.

    An attacker who successfully exploited these vulnerabilities could be able to run code with Local System privileges on an affected system, or could cause the RPCSS Service to fail. The attacker could then be able to take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges.

    To exploit these vulnerabilities, an attacker could create a program to send a malformed RPC message to a vulnerable system targeting the RPCSS Service.

    Microsoft has released a tool that can be used to scan a network for the presence of systems which have not had the MS03-039 patch installed. More details on this tool are available in Microsoft Knowledge Base article 827363. This tool supersedes the one provided in Microsoft Knowledge Base article 826369. If the tool provided in Microsoft Knowledge Base Article 826369 is used against a system which has installed the security patch provided with this bulletin, the superseded tool will incorrectly report that the system is missing the patch provided in MS03-026. Microsoft encourages customers to run the latest version of the tool available in Microsoft Knowledge Base article 827363 to determine if their systems are patched.

    Mitigating factors:

    Firewall best practices and standard default firewall configurations can help protect networks from remote attacks originating outside of the enterprise perimeter. Best practices recommend blocking all ports that are not actually being used. For this reason, most systems attached to the Internet should have a minimal number of the affected ports exposed.For more information about the ports used by RPC, visit the following Microsoft Web site:

    http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/tcpip/part4/tcpappc.asp
     
  2. BabyG

    BabyG

    Joined:
    Mar 15, 2003
    Messages:
    63
    OMG!!! Besides the "Technical definition", is there one in English?? All this RPC, RPCSS, DCOM, MS03-039, exploited vulnerabilities, Local System Privileges made me dizzy! :confused: I had to look and make sure I came into the correct forum. Are layman people like myself supposed to understand this? Or am I blond and dumb?

    I'm really not trying to be a smartellec, but this really made me feel like I shouldn't be here.

    Just my two cents
    BabyG :)
     
  3. Cookies

    Cookies

    Joined:
    Jul 3, 2003
    Messages:
    489
    Baby G, in a nutshell what this means is Microsoft has issued another critical update to prevent a couple of new vulnerabilities they've identified.

    Easiest way is to go to Start/Windows updates, scan for updates and download critical updates. Reboot when prompted.
     
  4. Davey7549

    Davey7549

    Joined:
    Feb 28, 2001
    Messages:
    11,584
    BabyG
    Basically what the Security bulletin is saying is this........
    Microsoft rushed to stick there finger in the security dike and doing so missed a few other holes or even worse created new ones.
    So bottom line is if you have an operating system that is affected by this problem then it is best to download the patch.

    Dave

    PS: It is not unusual to have many security patch's for a problem once found.

    PSS: Welcome Fellow Wisconsinite! Cookies......
     
  5. BabyG

    BabyG

    Joined:
    Mar 15, 2003
    Messages:
    63
    Thanks Guys,

    I really appreciate the explanation. Now I know I was intended to read that, as I am operating Win XP, so I downloaded the patch. :)

    Thanks Again,
    BabyG :)
     
  6. Cookies

    Cookies

    Joined:
    Jul 3, 2003
    Messages:
    489
    Very good :)

    Thanks Davey!
     
  7. brushmaster1

    brushmaster1

    Joined:
    Jun 15, 2002
    Messages:
    3,337
    I really NEVER thought it was safe!


    :D
     
  8. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    Thanks Rog: Never too safe..
     
  9. Rollin' Rog

    Rollin' Rog Thread Starter

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    I expect we're going to need to brace ourselves for another TSG onslaught. Maybe we'll break the old record :D

    I hope the Logoff script thread in this forum is not related; but if it is, it's going to be real bummer, most people won't even be able to connect to get help
     
  10. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    We'll test those new servers tonight then...:D
     
  11. gotcha

    gotcha

    Joined:
    Oct 13, 2002
    Messages:
    133
    "aw shut your cake- hole and just download the patch.
    Nevermind what it is"

    Well I know this was not directed to me but it could have been because I was just about to ask the same question as BabyG! I think this is rude and if there is much of this attitude on here I will say a firm goodbye!
    Cheerio
     
  12. gotcha

    gotcha

    Joined:
    Oct 13, 2002
    Messages:
    133
    All forgotten!
     
  13. DVOM

    DVOM

    Joined:
    Jun 20, 2002
    Messages:
    1,716
  14. Anton Wan

    Anton Wan

    Joined:
    Jul 29, 2003
    Messages:
    287
    Is their a place where a IT admin can get his hands on the patch so he can do it with out going to each machine and downloading the patch??? ASP PLEASE!

    TK
     
  15. JustMe2

    JustMe2

    Joined:
    May 31, 2001
    Messages:
    1,047
    First Name:
    Crystal
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - thought safe
  1. mikequest3
    Replies:
    2
    Views:
    1,054
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/163828

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice