Microsoft Security Bulletin MS04-029

An information disclosure and denial of service vulnerability exists when the RPC Runtime Library processes specially crafted messages. An attacker who successfully exploited this vulnerability could potentially read portions of active memory or cause the affected system to stop responding.

Prerequisites
This security update requires Windows NT Server 4.0 Service Pack 6a (SP6a) or Windows NT Server 4.0 Terminal Server Edition Service Pack 6 (SP6).

The software that is listed has been tested to determine if the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support lifecycle for your product and version, visit the following Microsoft Support Lifecycle Web site.

For more information about obtaining the latest service pack, see Microsoft Knowledge Base Article 152734.

Installation Information

This security update supports the following setup switches:

   /y: Perform removal (only with /m or /q )

   /f: Force programs to quit during the shutdown process

   /n: Do not create an Uninstall folder

   /z: Do not restart when the update completes

   /q: Use Quiet or Unattended mode with no user interface (this switch is a superset of /m )

   /m: Use Unattended mode with a user interface

   /l: List the installed hotfixes

   /x: Extract the files without running Setup

Note You can combine these switches into one command. For more information about the supported installation switches, see Microsoft Knowledge Base Article 262841.

Deployment Information

To install the security update without any user intervention, use the following command at a command prompt for Windows NT Server 4.0:

Windowsnt4server-kb873350-x86-enu /q

For Windows NT Server 4.0 Terminal Server Edition:

Windowsnt4terminalserver-kb873350-x86-enu /q

To install the security update without forcing the system to restart, use the following command at a command prompt for Windows NT Server 4.0:

Windowsnt4server-kb873350-x86-enu /z

For Windows NT Server 4.0 Terminal Server Edition:

Windowsnt4terminalserver-kb873350-x86-enu /z

Restart Requirement

You must restart your system after you apply this security update.

Removal Information

To remove this security update, use the Add/Remove Programs tool in Control Panel.

System administrators can also use the Hotfix.exe utility to remove this security update. The Hotfix.exe utility is located in the %Windir%\$NTUninstallKB873350$ folder. The Hotfix.exe utility supports the following setup switches:

/y: Perform removal (only with the /m or /q switch)

/f: Force programs to quit during the shutdown process

/n: Do not create an Uninstall folder

/z: Do not restart when the installation is complete

/q: Use Quiet or Unattended mode with no user interface (this switch is a superset of the /m switch)

/m: Use Unattended mode with a user interface

/l: List the installed hotfixes

File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Note Date, time, file name, or size information could change during installation. See the Verifying Update Installation section for details about how to verify an installation.

Windows NT Server 4.0:

Date Time Version Size File name
------------------------------------------------------
25-Feb-2004 15:53 4.0.1381.7263 701,200 Ole32.dll
17-Aug-2004 10:38 4.0.1381.7299 345,872 Rpcrt4.dll
25-Feb-2004 15:53 4.0.1381.7263 122,128 Rpcss.exe

Windows NT Server 4.0 Terminal Server Edition:

Date Time Version Size File name
-------------------------------------------------------
25-Feb-2004 15:52 4.0.1381.33562 701,200 Ole32.dll
21-Jul-2004 12:33 4.0.1381.33578 345,360 Rpcrt4.dll
25-Feb-2004 15:52 4.0.1381.33562 124,176 Rpcss.exe

Verifying Update Installation

• Microsoft Baseline Security Analyzer

  To verify that a security update is installed on an affected system, you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool. This tool allows administrators to scan local and remote systems for missing security updates and for common security misconfigurations. For more information about MBSA, visit the Microsoft Baseline Security Analyzer Web site.

• File Version Verification

  Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

  1. Click Start, and then click Search.
  2. In the Search Results pane, click All files and folders under Search Companion.
  3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.
  4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

     Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

  5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

     Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

• Registry Key Verification

  You may also be able to verify the files that this security update has installed by reviewing the following registry key:

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB873350\File 1

  Note This registry key may not contain a complete list of installed files. Also, this registry key may not be created correctly when an administrator or an OEM integrates or slipstreams the 873350 security update into the Windows installation source files.