Joshua
09-11-2003, 10:29 AM
I am posting this here since it looks to be just as bad as the Blaster/Welchia exploit.. EVERYONE, RUN WINDOWS UPDATE NOW!!
-------------------------------------------------
by Paul Thurrott, [email protected]
Here We Go Again: Microsoft Issues New Security Fix
In July, Microsoft released a critical security fix, warning users
that attackers could use the specified vulnerability to take over
users' systems and wreak havoc on the Internet. A month later the
infamous MSBlaster worm exploited that vulnerability. Yesterday,
Microsoft released another critical security fix that fixes a
vulnerability that's painfully similar to the one that led to
MSBlaster. If you didn't feel sufficiently warned the first time
around, take this warning to heart: You need to install this fix
immediately.
The fix, one of three detailed in Microsoft Security Bulletin
MS03-039 (Buffer Overrun In RPCSS Service Could Allow Code Execution),
supersedes and includes the fix for the earlier vulnerability,
detailed in Microsoft Security Bulletin MS03-026(Buffer Overrun In RPC
Interface Could Allow Code Execution). As with the original
vulnerability, the new vulnerability that MS03-039 fixes involves the
remote procedure call (RPC) technology in various Windows NT-based
Windows versions, including Windows Server 2003, Windows XP, Windows
2000, NT Workstation 4.0, NT Server 4.0, and NT Server 4.0, Terminal
Server Edition (WTS).
If you have a recent Windows version, you can simply download the
patch from Windows Update or Auto Update, features that are included
with your OS. For more information about the security patch or the
other tools Microsoft offers to protect your system, visit the
Microsoft Web site.
http://www.microsoft.com/technet/security/bulletin/ms03-039.asp
-------------------------------------------------
by Paul Thurrott, [email protected]
Here We Go Again: Microsoft Issues New Security Fix
In July, Microsoft released a critical security fix, warning users
that attackers could use the specified vulnerability to take over
users' systems and wreak havoc on the Internet. A month later the
infamous MSBlaster worm exploited that vulnerability. Yesterday,
Microsoft released another critical security fix that fixes a
vulnerability that's painfully similar to the one that led to
MSBlaster. If you didn't feel sufficiently warned the first time
around, take this warning to heart: You need to install this fix
immediately.
The fix, one of three detailed in Microsoft Security Bulletin
MS03-039 (Buffer Overrun In RPCSS Service Could Allow Code Execution),
supersedes and includes the fix for the earlier vulnerability,
detailed in Microsoft Security Bulletin MS03-026(Buffer Overrun In RPC
Interface Could Allow Code Execution). As with the original
vulnerability, the new vulnerability that MS03-039 fixes involves the
remote procedure call (RPC) technology in various Windows NT-based
Windows versions, including Windows Server 2003, Windows XP, Windows
2000, NT Workstation 4.0, NT Server 4.0, and NT Server 4.0, Terminal
Server Edition (WTS).
If you have a recent Windows version, you can simply download the
patch from Windows Update or Auto Update, features that are included
with your OS. For more information about the security patch or the
other tools Microsoft offers to protect your system, visit the
Microsoft Web site.
http://www.microsoft.com/technet/security/bulletin/ms03-039.asp