Microsoft has issued an advisory warning users of three critical vulnerabilities that affect multiple versions of its Windows operating system, including the latest Windows Server 2003.
In the Microsoft Bulletin MS03-039 posted on its website on Wednesday, Microsoft urged security administrators to immediately patch their systems against the problem. The latest patch supersedes one the company issued July 16 for a similar RPC-related vulnerability (MS03-026).
The flaws exist in the remote procedure call protocol (RPC) used by the Windows operating system. The first two are buffer overrun vulnerabilities that could allow an attacker to take full administrative control of a victim's system. An attacker that exploited these flaws would be able to take a variety of actions, including installing malicious programs, deleting data or creating new accounts, according to Microsoft.
The third flaw is a denial-of-service vulnerability that could allow RPC services to hang and become unresponsive, according to Microsoft.
The affected versions of Windows are NT Workstation 4.0, Windows NT Server 4.0, Terminal Server Edition, Windows 2000, Windows XP and Microsoft Windows Server 2003.
Windows 98, Windows 98 Second Edition and Windows 95 operating systems aren't affected by the flaws.
The RPC protocol enables a program running on one computer to access services running on another system. According to Microsoft, the problems stem from the manner in which the Windows RPC service handles malformed messages. Under certain circumstances, the Windows RPC service doesn't check message inputs correctly, thereby allowing an attacker to send a deliberately malformed RPC message to exploit the flaws.
The latest flaws were discovered as a result of Microsoft's internal efforts and those of others in the security community, said Stephen Toulouse, a security program manager at Microsoft
After the release of the July 16 patch, "we turned around and conducted a fresh and in-depth review of RPC," which revealed several new issues, Toulouse said. "As with the (previous patch), we are absolutely urging users to immediately apply the patch."
While cautioning users that a patch is the most effective remedy against the flaws, Microsoft also issued several workarounds that users could take to mitigate exposure. The measures including blocking UDP ports 135, 137, 138 and 445 and TCP ports 135, 139, 445 and 593, and disabling COM Internet Services and RPC over HTTP.