Microsoft Windows MS04-029 patch is not installed

win-ms04029-patch (17663) The risk level is classified as MediumMedium Risk

Description:

The patch specified in Microsoft Security Bulletin MS04-029 is not installed, which could allow a remote attacker to obtain sensitive information.

Microsoft Windows NT Server 4.0 SP6a and Windows NT Server TSE SP 6 could allow a remote attacker to obtain sensitive information, caused by a vulnerability in the Remote Procedure Call (RPC) Runtime Library. RPC is a protocol that permits applications to request running instructions on other applications elsewhere on a network. A remote attacker could send a specially-crafted message to an affected system multiple times to obtain sensitive information by reading portions of memory or cause the system to stop responding, resulting in a denial of service.


Consequences:

Obtain Information

Remedy:

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS04-029. See References.

References:

Platforms Affected:

  • Microsoft Windows NT 4.0 SP6 Terminal Server
  • Microsoft Windows NT 4.0 SP6a Server

Reported:

Oct 12, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page