Microsoft Windows RPCSS Service RPC message can cause denial of service
| win-rpcss-rpcmessage-dos (15708) |  Medium Risk |
Description:
Microsoft Windows Server 2003, Windows XP, Windows 2000, and Windows NT 4.0 are vulnerable to a denial of service, caused by a vulnerability in the RPCSS Service. A remote attacker could send a specially-crafted RPC message to cause the RPCSS Service to stop responding to requests and possibly cause the service to automatically reboot.
Consequences:
Denial of Service
Remedy:
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS05-051. See References.
Note: Microsoft originally provided a patch for this vulnerability in MS04-012, but it was superseded by the patch released with MS05-051.
For Microsoft Windows 2000:
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS06-018. See References.
Note: Microsoft originally provided a patch for this vulnerability in MS04-012, which was superseded by the patch released with MS05-051, and then superseded by the patch released with MS06-018.
For Windows XP and Windows Server 2003:
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS05-051. See References.
Note: Microsoft originally provided a patch for this vulnerability in MS04-012, but it was superseded by the patch released with MS05-012, which was superseded by the patch released with MS05-051.
For Windows NT 4.0:
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS04-029. See References.
Note: Microsoft originally provided a patch for this vulnerability in MS04-012, but it was superseded by the patch released with MS04-029.
References:
- CIAC Information Bulletin O-115: Microsoft Cumulative Update for RPC/DCOM.
- Internet Security Systems Security Alert, April 13, 2004: Multiple Vulnerabilities in Microsoft Products.
- Microsoft Security Bulletin MS04-012: Cumulative Update for Microsoft RPC/DCOM (828741).
- Microsoft Security Bulletin MS04-029: Vulnerability in RPC Runtime Library Could Allow Information Disclosure and Denial of Service (873350).
- Microsoft Security Bulletin MS05-051: Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400).
- Microsoft Security Bulletin MS06-018: Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580).
- BID-10127: Microsoft Windows RPCSS Service Remote Denial Of Service Vulnerability
- CVE-2004-0116: An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
- SA11065: Microsoft Windows RPC/DCOM Multiple Vulnerabilities
- SECTRACK ID: 1009758: Microsoft Windows RCP Memory Leak Lets Remote Users Deny Service
- US-CERT VU#417052: Microsoft RPCSS Service contains memory leak in handling of specially crafted messages
Platforms Affected:
- Microsoft Windows 2000
- Microsoft Windows 2003 Server
- Microsoft Windows NT 4.0
- Microsoft Windows XP
Reported:
Apr 13, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net