Reported April 13, 2004, by Microsoft.
· Windows Server 2003
· Windows XP
· Windows 2000 Server
· Windows NT Server 4.0 Service Pack (SP) 6a
· Windows NT Server 4.0, Terminal Server Edition (WTS) SP6
· Windows NT Workstation 4.0 SP6a
· Windows Me
· Windows 9x
Several new vulnerabilities exist in Microsoft Remote Procedure Call/Distributed COM (RPC/DCOM), the most serious of which could result in the execution of arbitrary code on the vulnerable system. The four new vulnerabilities are:
· RPC Runtime Library vulnerability
· Remote Procedure Call Subsystem Service (RPCSS) vulnerability
· COM Internet Services—RPC over HTTP vulnerability
· Object identity vulnerability
Microsoft has released Microsoft Security Bulletin MS04-012, "Cumulative Update for Microsoft RPC/DCOM," to address these vulnerabilities and recommends that affected users immediately apply the appropriate patch listed in the bulletin.
Discovered by eEye Digital Security, Qualys, and Todd Sabin.