Bug Affects NT, W2K, SQL and Exchange

For the third time in three days, Microsoft Corp. alerted customers to a serious new bug in its Windows NT 4.0 and Windows 2000 operating systems. And in a separate action, the software giant confirmed the existence of a vulnerability in its Windows Media Player application that could allow an attacker to execute code of her choice on a compromised system.

In a security bulletin which it dispatched to the subscribers of its Security mailing list, Microsoft acknowledged a problem with its remote procedure call (RPC) implementation that affects services running on Windows NT 4.0, Windows 2000, SQL Server 7.0, SQL Server 2000, Exchange 5.5 and Exchange 2000.

According to Microsoft, the vulnerability is a result of “mismatch” between the interface definitions in several RPC server stubs and the input validation code in the associated servers. Because certain inputs aren’t validated prior to use, Microsoft says, invalid definitions that are permissible vis-à-vis the interface definitions could in some cases be used to disrupt server operation.

As was the case with yesterday’s RDP vulnerability, an attacker could exploit the RPC vulnerability to launch a denial of service (DoS) attack against an affected server. In most cases, such an attack would cause a specific RPC-dependent service to hang, but in some cases, Microsoft acknowledged, a DoS attack of this type would cause a system-wide failure that could only be fixed by a reboot.

IT organizations that have followed Microsoft’s best practices and which have blocked Internet access to the ports on which the affected RPC server stubs listen should be unaffected by external attempts to compromise this vulnerability, the software giant claims.

Microsoft provided a variety of hotfixes to fix this latest vulnerability. Administrators must apply all pertinent patches, however, which could complicate matters to some extent: A Windows NT 4.0 Server hosting SQL Server 7.0 and Exchange 5.5 must apply all three hotfixes to properly patch the problem.

In a related move, the software giant last night distributed still another bulletin to the subscribers of its security mailing list and alerted them to the presence of a buffer overrun vulnerability that affects versions 6.4, 7.0 and 7.1 of its Media Player application.

The vulnerability occurs because of an unchecked buffer in the .NSC files that Media Player uses to support play-list functionality. If properly exploited, the Media Player vulnerability could allow an attacker to run code of her choice on a compromised system.

The problem is exacerbated because an attacker could attach a malicious .NSC file to an e-mail message or provide a link – via e-mail – to a Web page from which a malicious .NSC file could be downloaded.

Microsoft provided patches for all three affected Windows Media player variants. Stephen Swoyer

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Microsoft and SAP Enhance Partnership with Teams Integration

    Microsoft and SAP this week described continuing partnership efforts on Microsoft Azure, while also planning a Microsoft Teams integration with SAP's enterprise resource planning product and other solutions.

  • Blue Squares Graphic

    Microsoft Previews Azure IoT Edge for Linux on Windows

    Microsoft announced a preview of Azure IoT Edge for Linux on Windows, which lets organizations tap Linux virtual machine processes that also work with Windows- and Azure-based processes and services.

  • How To Automate Tasks in Azure SQL Database

    Knowing how to automate tasks in the cloud will make you a more productive DBA. Here are the key concepts to understand about cloud scripting and a rundown of the best tools for automating code in Azure.

  • Microsoft Open License To End Next Year for Government and Education Groups

    Microsoft's "Open License program" will end on Jan. 1, 2022, and not just for commercial customers, but also for government, education and nonprofit organizations.

comments powered by Disqus