ALERT: For all XP and Windows Server users


martindijk
July 29th, 2003, 12:31 PM
Hi all,

Just received an alert message concerning a leak in Windows XP/NT/2000/2003 operating systems.


The leak concerns a leak in RPC (Remote Procedure Call) which will allow outsiders to enter your PC and delete files, change files, rewrite files, etc.

Microsoft has already come up with a patch and advises all users of the operating systems mentioned above to apply the patch immediately!!!

Please read the whole story here:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

rgds,
Martin

Dan Perez
July 29th, 2003, 12:54 PM
Hi Martin!

This has been out for a while now. I posted info and download links here...


http://www.wilderssecurity.com/showthread.php?t=11451

Regards,

Dan

spy1
July 29th, 2003, 01:10 PM
I'm kind of surprised that the patch didn't run a "recognition pass" to see if it had already been applied - doesn't M$ stuff normally do that?

I'd already done the previous update that referred to this, but I cranked up the other one mentioned here and it installed itself like it was brand-new.

Are we sure this wasn't something new? Pete

Dan Perez
July 29th, 2003, 01:44 PM
Hi Pete!

They have the same Q reference so the download is intended for the same issue but I haven't monitored any changes in the downloads. ;D

I don't recall ever seeing any evidence of a recognition pass such as you mentioned. I would be surprised (and disappointed) if they did have some sort of limitation along those lines as one of the possibilities you frequently need to keep in mind is that part or all of an applied update has been nullified by the install of another less recent patch. (Which happens very frequently when you have multiple admins and where there is no strict accountability for applying patches/updates). In this case, the only recourse is to re-apply the newer patch even though the previous application may be shown in the Add/Remove programs or elsewhere in the system.

DolfTraanberg
July 30th, 2003, 10:53 AM
If you have your NETBIOS ports closed (like we all have ;D) there are no problems.

To exploit this vulnerability, the attacker would require the ability to send a specially crafted request to port 135, 139, or 445 or any other specifically configured RPC port on the remote machine. For intranet environments, these ports would normally be accessible, but for Internet connected machines, these would normally be blocked by a firewall. In the case where these ports are not blocked, or in an intranet configuration, the attacker would not require any additional privileges.


Dolf
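
The exposure condition quoted in the post above can be checked from the host's side. This is an added example, not part of the thread: it parses `netstat -an` output and lists TCP listeners on ports 135, 139 and 445 that are bound to a non-loopback address. The sample output is constructed, the function names are hypothetical, and English-language Windows `netstat` column layout is assumed.

```python
# Ports named in the bulletin text quoted in the post above.
RPC_PORTS = {135, 139, 445}

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1045      192.168.1.5:445        ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:445            *:*
"""


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)


def exposed_rpc_listeners(netstat_text, ports=RPC_PORTS):
    """Return (address, port, scope) for each non-loopback TCP listener on `ports`."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Only TCP rows in LISTENING state: Proto, Local, Foreign, State.
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        addr, port = split_endpoint(fields[1])
        if port not in ports:
            continue
        if addr.startswith("127.") or addr == "::1":
            continue  # bound to loopback only, not reachable from the network
        scope = "all interfaces" if addr in ("0.0.0.0", "::") else "one interface"
        findings.append((addr, port, scope))
    return findings


if __name__ == "__main__":
    for addr, port, scope in exposed_rpc_listeners(SAMPLE_NETSTAT):
        print(f"TCP {port} listening on {addr} ({scope})")
```

A listener reported here is reachable from outside only if no firewall blocks the port, which is the condition the quoted text describes.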