U got the virus info wrong.
Buffer Overflows in Windows RPC and XP Shell
Severity: High
16th July 2003
Summary:
Today, Microsoft released security bulletins describing two buffer overflow vulnerabilities affecting multiple versions of Windows.
The first buffer overflow arises from the Remote Procedure Call (RPC) service that ships with many versions of Windows, and allows an attacker to gain absolute control of your users' Windows machines. The second overflow only affects Windows XP and can allow an attacker to execute code with the logged-in user's privileges. There is no direct impact on WatchGuard products. Windows administrators should download, test and deploy the appropriate patches immediately.
Exposure:
Today, in separate bulletins, Microsoft described two new buffer overflow vulnerabilities. Each flaw affects different versions of Windows. Regardless of which versions of Windows you run, most likely one of the flaws affects you. The vulnerabilities are summarized below in order of severity, with the worst first:
Remote Procedure Call (RPC) is a protocol Microsoft Windows uses to allow one computer on a network to execute a task on another computer and receive back the results of that task. However, Microsoft's Security Bulletin 03-026 describes a buffer overflow vulnerability in the RPC service that ships with Windows NT 4.0, 2000, XP, and 2003. Since the service does not properly validate one type of RPC message, an attacker could send your users' machines a specially malformed RPC message to cause a buffer overflow, in turn allowing him to execute code on your system. Since the RPC service has full system privileges, the attacker could exploit this flaw to gain absolute control of your Windows machines. Patch this critical flaw as soon as you can.
The Windows shell is essentially the core component providing Windows' recognizable GUI. Unfortunately, Microsoft's Security Bulletin 03-027 warns of a new buffer overflow vulnerability in Windows XP's shell. The vulnerability involves a feature that allows XP users to individually customize the look and feel of each folder. Windows XP stores each folder's customized settings in a file called desktop.ini, and automatically loads those customizations whenever you browse to a folder. According to Microsoft, if an attacker could entice one of your users to a Windows share containing a malicious desktop.ini file, that could instigate a buffer overflow allowing the attacker to execute code on that user's machine with that user's privileges. Windows file sharing typically only works in a LAN environment, making this primarily a local insider exploit.
Solution Path:
Microsoft has released patches to fix both these vulnerabilities. Windows administrators should download, test, and deploy the corresponding patch as soon as possible:
1. Windows RPC Buffer Overflow
Windows NT 4.0 Server
Windows NT 4.0 Terminal Server Edition
Windows 2000
Windows XP 32 bit Edition
Windows XP 64 bit Edition
Windows Server 2003 32 bit Edition
Windows Server 2003 64 bit Edition
2. Windows XP Shell Buffer Overflow
Microsoft Windows XP 32 bit Edition
Microsoft Windows XP 64 bit Edition
How Would a Hacker Exploit The Vulnerability?:
A hacker would exploit the RPC vulnerability over TCP port 135. By default, most firewalls deny incoming access to this port. As long as you have not allowed incoming access using the SMB service, you are safe from Internet-based attackers. To avoid local attacks, apply the corresponding patches above.
Since the second attack is mostly a local concern, the patches above are your primary recourse.
Status:
Patches are available.
Direct Impact on Star Products:
None.
Impact on Networks Protected by Star Products:
Remote attackers could potentially gain total control of your Windows Systems if you are allowing TCP port 135 inbound through your firewall.
References:
Microsoft Security Bulletin MS03-026
Microsoft Security Bulletin MS03-027
Now to go post my Q about my rex =P