Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
ISS Security Brief: Multiple Vulnerabilities in Microsoft RPC Service
From: X-Force (xforceiss.net)
Date: Wed Sep 10 2003 - 12:10:24 CDT
-----BEGIN PGP SIGNED MESSAGE-----
Internet Security Systems Security Brief
September 10, 2003
Multiple Vulnerabilities in Microsoft RPC Service
Microsoft has released a security bulletin (MS03-039) detailing three
distinct vulnerabilities in the Windows RPC (Remote Procedure Call)
functionality. One of the vulnerabilities disclosed is a denial of
service condition, or DoS. The additional two vulnerabilities are buffer
overflow vulnerabilities, and are significantly more serious in nature.
The flaws described in this advisory are similar in nature and scope as
the flaw described in Microsoft Security Bulletin MS03-026, and the ISS
Security Alert titled, "Flaw in Microsoft Windows RPC Implementation".
The new DoS vulnerability was disclosed by a hacking group in China on
July 25, 2003, and functional exploit code is already in use on the
Internet. The additional two new issues may allow remote attackers to
compromise and gain complete control of vulnerable systems.
The MS Blast and Nachi worms propagated via the vulnerabilities disclosed
in MS03-26, and X-Force believes that there is significant potential for
the creation and propagation of a serious Internet worm that exploits one
or both of the newly disclosed RPC vulnerabilities.
For the complete ISS X-Force Security Alert, please visit:
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----