Mail Archive sponsored by
Chazzanut Online
jewish-music
Re: Critical Flaw Leaves Windows Server 2003 Vulnerable
- From: Marvin Margoshes <physchem...>
- Subject: Re: Critical Flaw Leaves Windows Server 2003 Vulnerable
- Date: Wed 13 Aug 2003 12.50 (GMT)
When I opened this message,
a pop-up from Windows Explorer told me it had "an unspecified security flaw".
I had already installed the fix from Microsoft, and upgraded my Symantec
security programs.
----- Original Message -----
From: George Robinson
To: World music from a Jewish slant
Sent: Tuesday, August 12, 2003 9:31 PM
Subject: Critical Flaw Leaves Windows Server 2003 Vulnerable
Friends --
This is definitely NOT a hoax, as you can see from the source of the
information. I have already experienced this little "bug"
in Windows XP (Thanks Bill Gates, you jerk) and it's a pain in the neck.
Act as you will but I am downloading the patches even as you read this.
Best,
George
http://www.eweek.com/article2/0,3959,1195707,00.asp
--
For I bless God in the libraries of the learned
and for all the booksellers in the world.
--Christopher Smart; "Jubilate Agno"
------------------------------------------------------------------------------
July 16, 2003
Critical Flaw Leaves Windows Server 2003 Vulnerable
By Dennis Fisher
Microsoft Corp. has issued a patch for the first serious
vulnerability to be found in the Windows Server 2003 software, which company
officials have said is their most secure OS yet.
Although this is actually the fourth flaw to affect Windows 2003,
it is the first one to be rated critical. The others were rated moderate risks
because they didn't affect default configurations of the software.
This vulnerability is found in a portion of the Remote Procedure
Call (RPC) protocol that handles message exchanges over TCP/IP. The
vulnerability, which arises because of incorrect handling of error messages,
affects a particular Distributed Component Object Model interface with RPC.
The interface handles DCOM object activation requests sent by
client machines to the server, Microsoft said in its bulletin. A successful
exploitation of this flaw would give an attacker the ability to run code with
local system privileges on the compromised machine. This would give the
attacker complete control of the system.
In addition to applying the patch for this vulnerability,
Microsoft officials recommend that customers block TCP port 135, the port on
which RPC listens.
Company officials said they believe they have identified the
procedural breakdown that allowed this vulnerability to creep into Windows
Server 2003.
"Our failure to find and fix this in the security push is a
process issue. We're updating our automated code scanning tool to find this
problem," said Jeff Jones, senior director of marketing for Trustworthy
Computing at Microsoft in Redmond, Wash. "Our target was to have zero
vulnerabilities [in Windows Server 2003], but realistically we knew it was
coming at some point."
The patch for this flaw, which also affects Windows NT 4.0, 2000
and XP, is located here.
Microsoft also issued patches for two other vulnerabilities on
Wednesday. The first is a flaw in the Windows shell in Windows XP that allows
an attacker to run code on vulnerable machines. The problem is in a function
used by the shell to extract custom attribute information from certain folders.
That patch is here.
The final vulnerability is in the Internet Security and
Acceleration server, Microsoft's firewall software. There is a cross-site
scripting flaw in many of the error pages the ISA server generates. Exploiting
this weakness would give an attacker the ability to execute code on the user's
machine. The patch for this flaw is located here.
Copyright © 2000-2003 Ziff Davis Media Inc. All Rights Reserved.
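To check the mitigation the eWEEK article above recommends (blocking TCP port 135), the following added example, which is not part of the original messages or the article, probes your own hosts from outside the firewall and reports whether the port still answers. The host list is a constructed placeholder and the function names are hypothetical.

```python
import socket

RPC_PORT = 135  # TCP port on which RPC listens, per the article


def probe(host, port=RPC_PORT, timeout=2.0):
    """Classify one TCP connect attempt as seen from this vantage point.

    open       - handshake completed: port reachable, block not in effect
    closed     - connection refused: nothing listening, or a rejecting firewall
    filtered   - no answer or unreachable: typical of a firewall dropping packets
    unresolved - host name could not be resolved
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "unresolved"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes timeouts and "host/network unreachable"
        return "filtered"


def audit(hosts, port=RPC_PORT, timeout=2.0):
    """Probe every host and return {host: state}."""
    return {h: probe(h, port, timeout) for h in hosts}


def still_exposed(results):
    """Hosts where the port answered, i.e. the block is missing or bypassed."""
    return sorted(h for h, state in results.items() if state == "open")


if __name__ == "__main__":
    # Constructed placeholder list: replace with your own hosts and run this
    # from a machine on the far side of the firewall being checked.
    hosts = ["127.0.0.1"]
    results = audit(hosts)
    for host, state in results.items():
        print(f"{host}:{RPC_PORT} {state}")
    print("still exposed:", still_exposed(results) or "none")
```

A result of `closed` or `filtered` from outside the perimeter is what an effective block looks like; `open` means the port is still reachable from where the script ran.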