A New Security Hole In Windows: Surprise!

Microsoft warned of yet another serious flaw in several versions of its Windows operating system yesterday. This flaw is similar to the one that made the SoBig worm so infectious. The new vulnerability involves the Remote Procedure Call function of Windows NT, Windows 2000, and Windows XP, and it could give crackers unfettered access to PCs running those OSes. Microsoft is providing a patch that should close the hole. Part of the problem with the patches that Microsoft releases is that they don't get installed by a good portion of Windows users. From Microsoft's TechNet Web site:

The fix provided by this patch supersedes the one included in Microsoft Security Bulletin MS03-026 and includes the fix for the security vulnerability discussed in MS03-026, as well as 3 newly discovered vulnerabilities.

Remote Procedure Call (RPC) is a protocol used by the Windows operating system. RPC provides an inter-process communication mechanism that allows a program running on one computer to seamlessly access services on another computer. The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol, but with the addition of some Microsoft specific extensions.

There are three newly identified vulnerabilities in the part of RPCSS Service that deals with RPC messages for DCOM activation -- two that could allow arbitrary code execution and one that could result in a denial of service. The flaws result from incorrect handling of malformed messages. These particular vulnerabilities affect the Distributed Component Object Model (DCOM) interface within the RPCSS Service. This interface handles DCOM object activation requests that are sent from one machine to another.

An attacker who successfully exploited these vulnerabilities could be able to run code with Local System privileges on an affected system, or could cause the RPCSS Service to fail. The attacker could then be able to take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges.

You can get more detail at Microsoft's TechNet Web site.