Security Alert, September 11, 2003 Arbitrary Code Execution and Denial of Service in Microsoft RPCSS eEye Digital Security, NSFOCUS Security Team, and Xue Yong Zhi and Renaud Deraison from Tenable Network Security have discovered that three new vulnerabilities exist in the part of the Remote Procedure Call Subsystem (RPCSS) Service that deals with RPC messages for Distributed COM (DCOM) activation. Two of these vulnerabilities could allow arbitrary code execution on the vulnerable system. The third vulnerability could result in a Denial of Service (DoS) condition. Microsoft has released security bulletin MS03-039, "Buffer Overrun In RPCSS Service Could Allow Code Execution (824146)," which addresses these vulnerabilities, and recommends that affected users immediately apply the appropriate patch listed in the bulletin. This patch supercedes the patch listed in Microsoft Security Bulletin MS03-026. http://www.secadministrator.com/Articles/Index.cfm?ArticleID=40255

Critical Update for Microsoft Windows New RPC flaw discovered and patched http://www.microsoft.com/security/security_bulletins/ms03-039.asp Microsoft has announced a patch for a serious security flaw affecting Microsoft Windows NT, Windows 2000, Windows XP, and Windows Server 2003. This is a flaw very similar to the RPC flaw announced in July that led to the MSBlaster email worm, and it can lead to the exact same exploit. Be aware that even if you have installed the patch available in July, you still need to download and install this new patch. The MSBlaster worm, which was released after someone published detailed instructions to a security mailing list showing how to exploit the previous RPC flaw, caused severe problems all across the internet. SpywareInfo asks all readers running effected versions of Windows to please install this patch as soon as possible. Patch availability You can download this patch at WindowsUpdates, or at one of the locations listed below. Download locations for this patch Windows NT Workstation 4.0 Windows NT Server 4.0 Windows NT Server 4.0, Terminal Server Edition Windows 2000 Windows XP Windows XP 64 bit Edition Windows XP 64 bit Edition Version 2003 Windows Server 2003 Windows Server 2003 64 bit Edition