Alert: Microsoft Security Bulletin MS04-012 - Cumulative Update for Microsoft RPC/DCOM (828741)
From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 04/14/04
- Previous message: Russ: "FW: Alert: Microsoft Security Bulletin MS04-011 - Security Update for Microsoft Windows (835732)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 14 Apr 2004 08:08:00 -0400 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Microsoft Security Bulletin MS04-012:
Cumulative Update for Microsoft RPC/DCOM (828741)
Bulletin URL:
<http://www.microsoft.com/technet/security/bulletin/MS04-012.mspx>
Summary:
Version Number: 1.0
Revision Date: April 13, 2004
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Patch(es) Replaced: This bulletin replaces several prior security
updates. See the frequently asked questions (FAQ) section of this
bulletin for the complete list.
Caveats: None
Revisions:
* v1.0 - Tuesday, April 13, 2004: Bulletin published
Tested Software:
Affected Software:
* Microsoft Windows NT. Workstation 4.0 Service Pack 6a
<http://www.ntbugtraq.com/link/MS04-012-00.asp>
* Microsoft Windows NT Server 4.0 Service Pack 6a
<http://www.ntbugtraq.com/link/d4f2ad32-fe74-4da1-aeae-80897ac86720.asp>
* Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack
6
<http://www.ntbugtraq.com/link/5b29e35d-e5da-4486-b7eb-d54c7398142c.asp>
* Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000
Service Pack 3, and Microsoft Windows 2000 Service Pack 4
<http://www.ntbugtraq.com/link/fbd38c36-d1d3-47a2-a5d5-6c8f27fdcc40.asp>
* Microsoft Windows XP and Microsoft Windows XP Service Pack 1
<http://www.ntbugtraq.com/link/d488bbbb-da77-448d-8ff0-0a649a0d8fc3.asp>
* Microsoft Windows XP 64-Bit Edition Service Pack 1
<http://www.ntbugtraq.com/link/4c3ed21d-ff40-4c9d-99dd-1632e43c1645.asp>
* Microsoft Windows XP 64-Bit Edition Version 2003
<http://www.ntbugtraq.com/link/75a08528-5e99-4be0-8e97-f1c9789611eb.asp>
* Microsoft Windows Server 2003
<http://www.ntbugtraq.com/link/07317ce9-520d-4574-b575-5fb85da9a4d7.asp>
* Microsoft Windows Server 2003 64-Bit Edition
<http://www.ntbugtraq.com/link/75a08528-5e99-4be0-8e97-f1c9789611eb.asp>
* Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE) and
Microsoft Windows Millennium Edition (ME) Review the FAQ section of this
bulletin for details about these operating systems
Technical Description:
Executive Summary:
This update resolves several newly-discovered vulnerabilities in
RPC/DCOM. Each vulnerability is documented in this bulletin in its own
section.
An attacker who successfully exploited the most severe of these
vulnerabilities could take complete control of the affected system. An
attacker could then take any action on the affected system, including
installing programs; viewing, changing, or deleting data; or creating
new accounts that have full privileges.
RPC Runtime Library Vulnerability - CAN-2003-0813
RPCSS Service Vulnerability - CAN-2004-0116
COM Internet Services (CIS) - RPC over HTTP Vulnerability -
CAN-2003-0807
Object Identity Vulnerability - CAN-2004-0124
This email is sent to NTBugtraq automagically as a service to my
subscribers. (v4.00.1564.10850)
Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
-----
Earn up to 10 credit course hours toward the TruSecure ICSA Practitioner (TICSA) Credential and receive a TICSA exam coupon by attending the Infosecurity Canada 2004 conference. Featured speaker, Marcus J. Ranum, TruSecure inventor of the proxy firewall will present on June 3 at 11:30 AM. Visit <https://ticsa.trusecure.com> for certification details and <http://www.infosecuritycanada.com> for conference information. Become TICSA certified and see what happens!
-----
- Previous message: Russ: "FW: Alert: Microsoft Security Bulletin MS04-011 - Security Update for Microsoft Windows (835732)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
