Microsoft Security Bulletin MS03-026
Buffer Overrun In RPC Interface Could Allow Code Execution (823980)
Originally posted: July 16, 2003
Revised: September 10, 2003
Who should read this bulletin:
Users running Microsoft ® Windows ®
Impact of vulnerability:
Run code of attacker's choice
Maximum Severity Rating:
Systems administrators should apply the patch immediately
End User Bulletin:
An end user version of this bulletin is available at:
Protect your PC:
Additional information on how you can help protect your PC is available at the following locations:
- End Users can visit the Protect Your PC Web site.
- IT Professionals can visit the Microsoft TechNet Security Center Web site.
- Microsoft Windows NT® 4.0
- Microsoft Windows NT 4.0 Terminal Services Edition
- Microsoft Windows 2000
- Microsoft Windows XP
- Microsoft Windows Server™ 2003
Not Affected Software:
- Microsoft Windows Millennium Edition
- Microsoft Knowledge Base article 823980 discusses this issue and will be available approximately 24 hours after the release of this bulletin. Knowledge Base articles can be found on the Microsoft Online Support web site.
- Technical support is available from Microsoft Product Support Services. There is no charge for support calls associated with security patches.
Security Resources: The Microsoft TechNet Security Center Web site provides additional information about security in Microsoft products.
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
- V1.0 (July 16, 2003): Bulletin Created.
- V1.1 (July 18, 2003): Mitigating factors and Workaround section updated to reflect additional ports.
- V1.2 (July 21, 2003): Added Windows XP gold patch verification registry key.
- V1.3 (July 27, 2003): Updated Workaround section to include additonal information about how to disable DCOM.
- V1.4 (August 12, 2003): Updated to include information about Windows 2000 Service Pack 2 support for this patch and updated bulletin with additonal workaround information.
- V1.5 (August 14, 2003): Added details for scanner tool.
- V1.6 (August 15, 2003): Updated download links, removed the word "Server" from the NT4 link.
- V1.7 (August 18, 2003): Corrected minor formatting errors in the Frequently Asked Questions section.
- V1.8 (August 21, 2003): Updated supercedence information in the Additional Information section.
- V1.9 (August 25, 2003): Updated to include information about Windows NT 4.0 Workstation Service Pack 6a support for this patch
- V2.0 (September 10, 2003): Updated to include information about the release of MS03-039 and tool supercedence.