-----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Security Brief September 10, 2003
Multiple Vulnerabilities in Microsoft RPC Service Synopsis: Microsoft has released a security bulletin (MS03-039) detailing three distinct vulnerabilities in the Windows RPC (Remote Procedure Call) functionality. One of the vulnerabilities disclosed is a denial of service condition, or DoS. The additional two vulnerabilities are buffer overflow vulnerabilities, and are significantly more serious in nature. Impact: The flaws described in this advisory are similar in nature and scope as the flaw described in Microsoft Security Bulletin MS03-026, and the ISS Security Alert titled, "Flaw in Microsoft Windows RPC Implementation". The new DoS vulnerability was disclosed by a hacking group in China on July 25, 2003, and functional exploit code is already in use on the Internet. The additional two new issues may allow remote attackers to compromise and gain complete control of vulnerable systems. The MS Blast and Nachi worms propagated via the vulnerabilities disclosed in MS03-26, and X-Force believes that there is significant potential for the creation and propagation of a serious Internet worm that exploits one or both of the newly disclosed RPC vulnerabilities. For the complete ISS X-Force Security Alert, please visit: http://xforce.iss.net/xforce/alerts/id/152 ______ -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBP19Z7zRfJiV99eG9AQGJRAQAkZi3vJo72AD0jxanyXIxEIx+gbmOSo3o lDGu1pYD+wYAA2TY6//lIEj/ZuvBnjBexY65BQGgANnLB8NM7qbcbSWU0k3gei44 LX9nEpMvHs3MFfgu8G9cxJchAbXNnbLVCwQvF8tSJPw6zOXdk/H9eWEb6o/ynqC3 I95o0ipspBY= =l+vz -----END PGP SIGNATURE----- _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
