Microsoft Fixes 'Critical' RPCSS Flaw

Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  

Microsoft on Wednesday warned of three newly discovered vulnerabilities in its RPCSS service that could let an attacker run harmful code on affected systems. The secur ity alert carries a 'critical' rating.

Microsoft issued a patch for the latest buffer overrun flaw, noting that the fix supersedes one issued last month for the RPC DCOM vulnerability that led to the MSBlaster worm attack.

Affected software include Windows NT Workstation 4.0; Windows NT Server 4.0; Windows NT Server 4.0, Terminal Server Edition; Windows 2000; Windows XP and Windows Server 2003.

It is the second time a major security hole has been fixed in the new Windows Server 2003 product.

The company said the three identified flaws were found in the part of RPCSS Service that deals with RPC messages for DCOM activation. Two of the vulnerabilities could allow arbitrary code execution and one could cause a denial of service scenario.

"The flaws result from incorrect handling of malformed messages. These particular vulnerabilities affect the Distributed Component Object Model (DCOM) interface within the RPCSS Service. This interface handles DCOM object activation requests that are sent from one machine to another," according to the Microsoft advisory.

It warned that a successful attack scenario would let an intruder run code with Local System privileges on an affected system, or could cause the RPCSS Service to fail. "The attacker could then be able to take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges."

Submit a Comment

Loading Comments...