|
|
RPC Exploit 2.0 - The Sequel
Wednesday, September 10, 2003
Author: Richard S. Westmoreland
Permalink: 20040824020416858
|
General News
|
|
Here we go again!
Microsoft has posted another security update, apparently more buffer exploits (3 so far) have been discovered in the RPC service, which was not fixed by the previous hotfix. More info can be found here:
Microsoft Security Bulletin MS03-039
NT operating systems are affected (2003, 2000, XP, NT 4) but 9x kernels are not (ME, 98, 95).
Two of the new exploits may allow a remote user to take over the system, another exploit aids in a DOS (Denial of Service) attack.
After a quick glance over (and testing out the patch on my machine), it looks like this new RPC patch does not come with option flags to help automate the installation across a network. This should come as a great disappointment for Systems Administrators (and your average network guru).
Update: I tested this file for flags this morning, and it turns out the patch DOES have options (Microsoft just neglected to mention this on their site). So no worries - you can easily deploy this patch transparently to your users via the logon scripts.
|
|
|
