TS | Thomas
Posts: 1,318 +2
Affected Software:
Microsoft Windows NT Workstation 4.0
Microsoft Windows NT Server 4.0
Microsoft Windows NT Server 4.0, Terminal Server Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
There are 3 identified vulnerabilities in the part of RPCSS Service that deals with RPC messages for DCOM activation— 2 that could allow arbitrary code execution & 1that could result in a denial of service. The flaws result from incorrect handling of malformed messages. These particular vulnerabilities affect the Distributed Component Object Model (DCOM) interface within the RPCSS Service. This interface handles DCOM object activation requests that are sent from one machine to another.
An attacker who successfully exploited these vulnerabilities could be able to run code with Local System privileges on an affected system, or could cause the RPCSS Service to fail. The attacker could then be able to take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges.
Patch Availbility.
Update by Per: If you are getting tired of these DCOM exploits download Steve Gibson's free utility to disable DCOM entirely. (DCOM is not needed on most systems anyway). This will get you rid of this vulnerability, the Blaster one and any future vulnerabilities related to the DCOM service.
Microsoft Windows NT Workstation 4.0
Microsoft Windows NT Server 4.0
Microsoft Windows NT Server 4.0, Terminal Server Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
There are 3 identified vulnerabilities in the part of RPCSS Service that deals with RPC messages for DCOM activation— 2 that could allow arbitrary code execution & 1that could result in a denial of service. The flaws result from incorrect handling of malformed messages. These particular vulnerabilities affect the Distributed Component Object Model (DCOM) interface within the RPCSS Service. This interface handles DCOM object activation requests that are sent from one machine to another.
An attacker who successfully exploited these vulnerabilities could be able to run code with Local System privileges on an affected system, or could cause the RPCSS Service to fail. The attacker could then be able to take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges.
Patch Availbility.
Update by Per: If you are getting tired of these DCOM exploits download Steve Gibson's free utility to disable DCOM entirely. (DCOM is not needed on most systems anyway). This will get you rid of this vulnerability, the Blaster one and any future vulnerabilities related to the DCOM service.
