Bug Affects NT, W2K, SQL and Exchange

For the third time in three days, Microsoft Corp. alerted customers to a serious new bug in its Windows NT 4.0 and Windows 2000 operating systems. And in a separate action, the software giant confirmed the existence of a vulnerability in its Windows Media Player application that could allow an attacker to execute code of her choice on a compromised system.

In a security bulletin which it dispatched to the subscribers of its Security mailing list, Microsoft acknowledged a problem with its remote procedure call (RPC) implementation that affects services running on Windows NT 4.0, Windows 2000, SQL Server 7.0, SQL Server 2000, Exchange 5.5 and Exchange 2000.

According to Microsoft, the vulnerability is the result of a “mismatch” between the interface definitions in several RPC server stubs and the input validation code in the associated servers. Because certain inputs aren’t validated prior to use, Microsoft says, invalid definitions that are permissible vis-à-vis the interface definitions could in some cases be used to disrupt server operation.

As was the case with yesterday’s RDP vulnerability, an attacker could exploit the RPC vulnerability to launch a denial of service (DoS) attack against an affected server. In most cases, such an attack would cause a specific RPC-dependent service to hang, but in some cases, Microsoft acknowledged, a DoS attack of this type would cause a system-wide failure that could only be fixed by a reboot.

IT organizations that have followed Microsoft’s best practices and blocked Internet access to the ports on which the affected RPC server stubs listen should be unaffected by external attempts to exploit this vulnerability, the software giant claims.

Microsoft provided a variety of hotfixes to fix this latest vulnerability. Administrators must apply all pertinent patches, however, which could complicate matters to some extent: A Windows NT 4.0 Server hosting SQL Server 7.0 and Exchange 5.5 must apply all three hotfixes to properly patch the problem.

In a related move, the software giant last night distributed still another bulletin to the subscribers of its security mailing list and alerted them to the presence of a buffer overrun vulnerability that affects versions 6.4, 7.0 and 7.1 of its Media Player application.

The vulnerability occurs because of an unchecked buffer in the .NSC files that Media Player uses to support play-list functionality. If properly exploited, the Media Player vulnerability could allow an attacker to run code of her choice on a compromised system.

The problem is exacerbated because an attacker could attach a malicious .NSC file to an e-mail message or provide a link – via e-mail – to a Web page from which a malicious .NSC file could be downloaded.

Microsoft provided patches for all three affected Windows Media Player variants.

Stephen Swoyer

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.
