Yes, Windows 2000 covers Professional and Server. If you have been doing Windows Updates I think the patch is applied there. _____________________________________________________________________ Scott Fosseen - Systems Engineer -Prairie Lakes AEA http://fosseen.us/scott _____________________________________________________________________ Not everything that can be counted counts, and not everything that counts can be counted. - Albert Einstein _____________________________________________________________________
----- Original Message ----- From: "Dan Fluckiger" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, September 11, 2003 11:31 AM Subject: Re: [info-tech] Fw: Security Alert 2003-16 Buffer Overrun In RPCSS Service > Scott > > Apparently if I am running Server 2000 I don't have to worry about > this. Is this a correct assumption? > > Thanks > > Dan > > On Thursday, September 11, 2003, at 11:02 AM, Scott Fosseen wrote: > > > > > _____________________________________________________________________ > > Scott Fosseen - Systems Engineer -Prairie Lakes AEA > > http://fosseen.us/scott > > _____________________________________________________________________ > > "Everything that can be invented has been invented." > > - Charles H. Duell, Commissioner, U.S. Office of Patents, 1899. > > _____________________________________________________________________ > > > > ----- Original Message ----- > > From: "Lingren, Dave" <[EMAIL PROTECTED]> > > To: "Informational List for the ICN Network" > > <[EMAIL PROTECTED]> > > Sent: Thursday, September 11, 2003 10:24 AM > > Subject: FW: Security Alert 2003-16 Buffer Overrun In RPCSS Service > > > > > > The ITE Security group has released the following bulletin. Please > > read the > > contents of this bulletin and take actions appropriate for your > > organization. > > > > Thank you, > > > > Dave Lingren > > Iowa Communications Network > > 515-725-4795 Office > > 515-707-1638 Cell > > 515-234-2446 Pager > > > > > > Microsoft Security Bulletin: MS03-039 > > > > Buffer Overrun In RPCSS Service Could Allow Code Execution (824146) > > http://www.microsoft.com/technet/security/bulletin/MS03-039.asp > > Originally Posted: September 10, 2003 > > > > Impact of vulnerability: Run code of attacker's choice > > > > Maximum Severity Rating: Critical > > > > Affected Software: > > * Microsoft Windows NT Workstation 4.0 > > * Microsoft Windows NT Server(r) 4.0 > > * Microsoft Windows NT Server 4.0, Terminal Server Edition > > * Microsoft Windows 2000 > > * Microsoft Windows XP > > * Microsoft Windows Server 2003 > > Not Affected Software: > > * Microsoft Windows Millennium Edition > > > > Technical Details: > > There are three identified vulnerabilities in the part of RPCSS > > Service that > > deals with RPC messages for DCOM activation- two that could allow > > arbitrary > > code execution and one that could result in a denial of service. The > > flaws > > result from incorrect handling of malformed messages. These particular > > vulnerabilities affect the Distributed Component Object Model (DCOM) > > interface within the RPCSS Service. This interface handles DCOM object > > activation requests that are sent from one machine to another. An > > attacker > > who successfully exploited these vulnerabilities could be able to run > > code > > with Local System privileges on an affected system, or could cause the > > RPCSS > > Service to fail. The attacker could then be able to take any action on > > the > > system, including installing programs, viewing, changing or deleting > > data, > > or creating new accounts with full privileges. To exploit these > > vulnerabilities, an attacker could create a program to send a > > malformed RPC > > message to a vulnerable system targeting the RPCSS Service. > > > > Solution: > > Systems administrators should apply the patch as soon as possible. > > > > NOTE: The fix provided by this patch supersedes the one included in > > Microsoft Security Bulletin MS03-026. > > > > > > Microsoft is also planning to host a live discussion regarding this new > > vulnerability. > > > > TechNet Webcast: Information Regarding Recently Announced RPC/DCOM > > Security > > Update (MS03-039) (KB 824146) > > September 12, 2003 - 9:00 A.M. to 10:00 A.M. Pacific Time / 12:00 P.M. > > Eastern Time > > http://www.microsoft.com/usa/webcasts/upcoming/2373.asp > > > > --- > > You are currently subscribed to infolist as: [EMAIL PROTECTED] > > To unsubscribe send a blank email to > > [EMAIL PROTECTED] > > --- > > [This E-mail scanned for viruses by Declude Virus on the server > > aea5.k12.ia.us] > > > > > > --- > > [This E-mail scanned for viruses by Declude Virus on the server > > aea8.k12.ia.us] > > > > --------------------------------------------------------- > > Archived messages from this list can be found at: > > http://www.mail-archive.com/[EMAIL PROTECTED]/ > > --------------------------------------------------------- > > > > > __________________________ > Dan Fluckiger > Technology/Business Education > Grades 7-12 > Southeast Webster Schools > Burnside, IA 50521 > Ph. 515-359-2235 > Fax. 515-359-2236 > [EMAIL PROTECTED] > > --- > [This E-mail scanned for viruses by Declude Virus on the server aea8.k12.ia.us] > > --------------------------------------------------------- > Archived messages from this list can be found at: > http://www.mail-archive.com/[EMAIL PROTECTED]/ > --------------------------------------------------------- > --- [This E-mail scanned for viruses by Declude Virus on the server aea8.k12.ia.us] --------------------------------------------------------- Archived messages from this list can be found at: http://www.mail-archive.com/[EMAIL PROTECTED]/ ---------------------------------------------------------
