WEBINAR: Live Event Date: September 20, 2017 @ 1:00 p.m. ET / 10:00 a.m. PT
Designing a Proactive Approach to Information Security with Cyber Threat Hunting REGISTER >
on Wednesday warned of three newly
discovered vulnerabilities in its RPCSS service that could let an attacker
run harmful code on affected systems. The secur
ity alert carries a 'critical' rating.
Microsoft issued a patch for the latest buffer overrun flaw, noting that the fix supersedes one issued last month for the RPC DCOM vulnerability that led to the MSBlaster worm attack.
Affected software include Windows NT Workstation 4.0; Windows NT Server 4.0; Windows NT Server 4.0, Terminal Server Edition; Windows 2000; Windows XP and Windows Server 2003.
The company said the three identified flaws were found in the part of RPCSS Service that deals with RPC messages for DCOM activation. Two of the vulnerabilities could allow arbitrary code execution and one could cause a denial of service scenario.
"The flaws result from incorrect handling of malformed messages. These particular vulnerabilities affect the Distributed Component Object Model (DCOM) interface within the RPCSS Service. This interface handles DCOM object activation requests that are sent from one machine to another," according to the Microsoft advisory.
It warned that a successful attack scenario would let an intruder run code with Local System privileges on an affected system, or could cause the RPCSS Service to fail. "The attacker could then be able to take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges."