Reported April 13, 2004, by Microsoft.

VERSIONS AFFECTED

· Windows Server 2003
· Windows XP
· Windows 2000 Server
· Windows NT Server 4.0 Service Pack (SP) 6a
· Windows NT Server 4.0, Terminal Server Edition (WTS) SP6
· Windows NT Workstation 4.0 SP6a
· Windows Me
· Windows 9x

DESCRIPTION

Several new vulnerabilities exist in Microsoft Remote Procedure Call/Distributed COM (RPC/DCOM), the most serious of which could result in the execution of arbitrary code on the vulnerable system. The four new vulnerabilities are:

· RPC Runtime Library vulnerability
· Remote Procedure Call Subsystem Service (RPCSS) vulnerability
· COM Internet Services—RPC over HTTP vulnerability
· Object identity vulnerability

VENDOR RESPONSE

Microsoft has released Microsoft Security Bulletin MS04-012, "Cumulative Update for Microsoft RPC/DCOM," to address these vulnerabilities and recommends that affected users immediately apply the appropriate patch listed in the bulletin.

CREDIT

Discovered by eEye Digital Security, Qualys, and Todd Sabin.