[LSD] Critical security vulnerability in Microsoft Operating Systems
From: Last Stage of Delirium (contact_at_LSD-PL.NET)
Date: Wed, 16 Jul 2003 22:48:44 -0700 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
We have discovered a critical security vulnerability in all recent versions of
Microsoft operating systems. The vulnerability affects default installations
of Windows NT 4.0, Windows 2000, Windows XP as well as Windows 2003 Server.
This is a buffer overflow vulnerability that exists in an integral component of
any Windows operating system, the RPC interface implementing Distributed Component
Object Model services (DCOM). In a result of implementation error in a function
responsible for instantiation of DCOM objects, remote attackers can obtain
unauthorized access to vulnerable systems.
The existence of the vulnerability has been confirmed by Microsoft Corporation.
The appropriate security bulletin as well as fixes for all affected platforms
are available for download from http://www.microsoft.com/security/ (MS03-026).
It should be emphasized that this vulnerability poses an enormous threat and
appropriate patches provided by Microsoft should be immediately applied.
We have decided not to publish codes or any technical details with regard to
this vulnerability at the moment.
With best regards,
The Last Stage of Delirium
Are You "Certifiable"? Summer's Hottest Certification Just Got HOTTER!
With a growth rate exceeding 110%, the TICSA security practitioner
certification is one of the hottest IT credentials available. And now, for
a limited time, you can save 33% off of the TICSA certification exam! To
learn more about the TICSA certification, and to register as a TICSA
candidate online, just go to