Author Topic: [News] RPCSS MS03-039 (High Risk)  (Read 5414 times)

Demon

  • Cute elementary schooler
  • *
  • Posts: 9
[News] RPCSS MS03-039 (High Risk)
« Posted: 2003-09-12 00:40 »
Buffer Overrun In RPCSS Service Could Allow Code Execution (824146)
http://www.microsoft.com/technet/se...in/MS03-039.asp

Originally posted: September 10, 2003

Summary

Who should read this bulletin: Users running Microsoft® Windows®

Impact of vulnerability: Run code of attacker's choice

Maximum Severity Rating: Critical

Recommendation: System administrators should apply the security patch immediately

End User Bulletin:
An end user version of this bulletin is available at:

http://www.microsoft.com/security/s...s/ms03-039.asp.

Protect your PC:
Additional information on how you can help protect your PC is available at the following locations:
- End Users can visit http://www.microsoft.com/protect
- IT Professionals can visit http://www.microsoft.com/technet/se...ps/pcprotec.asp

Affected Software:
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Server® 4.0
- Microsoft Windows NT Server 4.0, Terminal Server Edition
- Microsoft Windows 2000
- Microsoft Windows XP
- Microsoft Windows Server 2003

Not Affected Software:
- Microsoft Windows Millennium Edition

Technical description:

The fix provided by this patch supersedes the one included in Microsoft Security Bulletin MS03-026.

Remote Procedure Call (RPC) is a protocol used by the Windows operating system. RPC provides an inter-process communication mechanism that allows a program running on one computer to seamlessly access services on another computer. The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol, but with the addition of some Microsoft specific extensions.

There are three identified vulnerabilities in the part of RPCSS Service that deals with RPC messages for DCOM activation - two that could allow arbitrary code execution and one that could result in a denial of service. The flaws result from incorrect handling of malformed messages. These particular vulnerabilities affect the Distributed Component Object Model (DCOM) interface within the RPCSS Service. This interface handles DCOM object activation requests that are sent from one machine to another.

An attacker who successfully exploited these vulnerabilities could be able to run code with Local System privileges on an affected system, or could cause the RPCSS Service to fail. The attacker could then be able to take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges.

To exploit these vulnerabilities, an attacker could create a program to send a malformed RPC message to a vulnerable system targeting the RPCSS Service.

Microsoft has released a tool that can be used to scan a network for the presence of systems which have not had the MS03-039 patch installed. More details on this tool are available in Microsoft Knowledge Base article 827363. This tool supersedes the one provided in Microsoft Knowledge Base article 826369. If the tool provided in Microsoft Knowledge Base Article 826369 is used against a system which has installed the security patch provided with this bulletin, the superseded tool will incorrectly report that the system is missing the patch provided in MS03-026. Microsoft encourages customers to run the latest version of the tool available in Microsoft Knowledge Base article 827363 to determine if their systems are patched.

Mitigating factors:
- Firewall best practices and standard default firewall configurations can help protect networks from remote attacks originating outside of the enterprise perimeter. Best practices recommend blocking all ports that are not actually being used. For this reason, most systems attached to the Internet should have a minimal number of the affected ports exposed.

For more information about the ports used by RPC, visit the following Microsoft Web site: http://www.microsoft.com/technet/pr...rt4/tcpappc.asp

Vulnerability identifier:
Buffer Overrun: CAN-2003-0715

Buffer Overrun: CAN-2003-0528

Denial of Service: CAN-2003-0605



Please download the patch here:
http://www.microsoft.com/downloads/details.aspx?FamilyID=f4f66d56-e7ce-44c3-8b94-817ea8485dd1&displaylang=zh-tw

audiman

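  • Lively university student
  • ***
  • Posts: 249
« Reply #1 on: 2003-09-22 21:23 »
A really annoying virus~~~ Anyone reinstalling their system should take note:
download the Windows Update files ahead of time first,
otherwise it is very easy to get infected while updating online.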

【亞洲鴕鳥】

  • Skeptical junior high student
  • **
  • Posts: 65
« Reply #2 on: 2003-09-23 10:06 »
What you need to know about Microsoft Security Bulletin MS03-039 (824146)
http://www.microsoft.com/taiwan/security/security_bulletins/MS03-039.asp

You can enable an Internet firewall first, and then run Windows Update.
For detailed steps, see http://www.microsoft.com/taiwan/security/protect/

You are welcome to subscribe to the
Microsoft Security Newsletter
http://register.microsoft.com/regsys/regsys.asp?wizid=7011&lcid=1028

jiajeong

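  • Skeptical junior high student
  • **
  • Posts: 75
« Reply #3 on: 2004-02-13 02:06 »
Quote from: "audiman"
A really annoying virus~~~ Anyone reinstalling their system should take note:
download the Windows Update files ahead of time first,
otherwise it is very easy to get infected while updating online.


May I ask.. how do I ((download the Windows Update files ahead of time))?
Is there a tutorial somewhere??
Thanks~~~

Also, what does everyone think of XP's built-in firewall, is it any good? Once it is turned on.. can it really
block outside attacks... and then let me update without problems? Just curious!!^^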

audiman

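  • Lively university student
  • ***
  • Posts: 249
« Reply #4 on: 2004-02-13 08:49 »
1. You should be able to find the downloads on the M-brand website; just get the more important updates first..... then install the other odds and ends after reinstalling.

2. XP's built-in firewall.... I haven't tried it... naturally, a built-in one can't match a full-featured software firewall.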

jiajeong

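  • Skeptical junior high student
  • **
  • Posts: 75
« Reply #5 on: 2004-02-14 21:24 »
Quote from: "audiman"
1. You should be able to find the downloads on the M-brand website; just get the more important updates first..... then install the other odds and ends after reinstalling.

2. XP's built-in firewall.... I haven't tried it... naturally, a built-in one can't match a full-featured software firewall.

It's OK now.. thanks for the guidance (in the end I found the installation method on the Taiwan Microsoft website)..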