-----BEGIN PGP SIGNED MESSAGE-----

- - ---------------------------------------------------------------
Title:      Buffer Overrun In RPC Interface Could Allow Code 
            Execution (823980)

Date:       16 July 2003
Software:   Microsoft(r) Windows (r) NT 4.0
            Microsoft Windows NT 4.0 Terminal Services Edition 
            Microsoft Windows 2000 
            Microsoft Windows XP 
            Microsoft Windows Server 2003 
Impact:     Run code of attacker's choice
Max Risk:   Critical
Bulletin:   MS03-026

Microsoft encourages customers to review the Security Bulletins 
at: 
http://www.microsoft.com/technet/security/bulletin/MS03-026.asp
http://www.microsoft.com/security/security_bulletins/MS03-026.asp
- - ---------------------------------------------------------------

Issue:
======

Remote Procedure Call (RPC) is a protocol used by the Windows 
operating system. RPC provides an inter-process communication 
mechanism that allows a program running on one computer to 
seamlessly execute code on a remote system. The protocol itself 
is derived from the OSF (Open Software Foundation) RPC protocol, 
but with the addition of some Microsoft specific extensions. 

There is a vulnerability in the part of RPC that deals with 
message exchange over TCP/IP. The failure results because of 
incorrect handling of malformed messages. This particular 
vulnerability affects a Distributed Component Object Model (DCOM) 
interface with RPC, which listens on TCP/IP port 135. This 
interface handles DCOM object activation requests sent by client 
machines (such as Universal Naming Convention (UNC) paths) to the 
server. 

To exploit this vulnerability, an attacker would need to send a 
specially formed request to the remote computer on port 135. 


Mitigating factors: 
====================

 - To exploit this vulnerability, the attacker would require the 
ability to send a specially crafted request to port 135 on the 
remote machine. For intranet environments, this port would 
normally be accessible, but for Internet connected machines, the 
port 135 would normally be blocked by a firewall. In the case 
where this port is not blocked, or in an intranet configuration, 
the attacker would not require any additional privileges. 

 - Best practices recommend blocking all TCP/IP ports that are 
not actually being used. For this reason, most machines attached 
to the Internet should have port 135 blocked. RPC over TCP is not 
intended to be used in hostile environments such as the internet. 
More robust protocols such as RPC over HTTP are provided for 
hostile environments.

Risk Rating:
============
Critical

Patch Availability:
===================
 - A patch is available to fix this vulnerability. Please read 
the  Security Bulletins at
   
http://www.microsoft.com/technet/security/bulletin/ms03-026.asp
http://www.microsoft.com/security/security_bulletins/ms03-026.asp
   
   for information on obtaining this patch.


- - ---------------------------------------------------------------

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS 
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT 
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING 
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 
PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS 
BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, 
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL 
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN 
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT 
ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL 
OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQEVAwUBPxSXX40ZSRQxA/UrAQE6PwgAp5nlZkLDJPNc8QNb5AajGy3R2SpaRhw2
WxonBgaiNU2sJscIQwObdjH1NHHq5Jw3ptFja/LbI/LOUZkQi6dOqPQjsyfthQzC
vUvGw5Fr0x3Pe1OJcsSmH6pl5XBOSSCVXRb4grHUZaMABymZkTzvz0rKonhpWDjv
OGnP9CisSxEBXMTnCIsqP6T1eoENxriICB3pR5ZuKqSgd+Q/J7DV1aTLwYCIaxwR
4a+d/xufAQyDW5WEdKvHlfoyw/ZKDIqIsUsueX5HX+PTBa5VRcaLYKk7GbDnStyB
3+aktUF1z5C9LqG5zDcFGXWOPEmERTWKUZ06YBIieNbZwV75pjxEmQ==
=KrV/
-----END PGP SIGNATURE-----

IT security jobs: What's in demand and how to meet it

Posted on 15 May 2013.  |  Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.

Is Microsoft is reading your Skype communications?

Posted on 15 May 2013.  |  The question of whether Skype allows U.S. intelligence and law enforcement agencies to access the communications exchanged by its users has still not been adequately answered by Microsoft.

Internet Explorer best at blocking malware

Posted on 14 May 2013.  |  While Chrome’s malware download protection improved significantly, Internet Explorer 10 continues to outperform the other browsers with a block rate of 99.96%.

Researcher refuses to help Saudi telco to spy on people

Posted on 14 May 2013.  |  You would think that a Saudi Arabian telecom firm interested in monitoring its users' mobile communications would not be asking a well-known pro-privacy researcher for help, but you would be wrong.

Malicious browser extensions are hijacking Facebook accounts

Posted on 13 May 2013.  |  Facebook users - especially those in Brazil - are being targeted with malicious browser extensions trying to hijack Facebook profiles, warns Microsoft.