Ms03-39
Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: Ms03-39

  1. #1
    Senior Member
    Join Date
    Oct 2001
    Posts
    748

    Ms03-39

    Only one security announcement from MS today...

    MS03-39- basically an updated patch for the RPC buffer overflow issues.

    Title: Buffer Overrun In RPCSS Service Could Allow Code Execution
    (824146)
    Date: September 10, 2003
    Software: Microsoft Windows NT Workstation 4.0; Microsoft Windows NT
    Server(r) 4.0; Microsoft Windows NT Server 4.0, Terminal Server Edition;
    Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server
    2003
    Impact: Run code of attacker's choice
    Maximum Severity Rating: Critical
    Bulletin: MS03-039

    The Microsoft Security Response Center has released Microsoft Security
    Bulletin MS03-039

    What Is It?
    The Microsoft Security Response Center has released Microsoft Security
    Bulletin MS03-039 which concerns a vulnerability in the versions of
    Microsoft Windows listed above.

    Microsoft has released a tool that can be used to scan a network for the
    presence of systems which have not had the MS03-039 patch installed.
    More details on this tool are available in Microsoft Knowledge Base
    article 827363. This tool supersedes the one provided in Microsoft
    Knowledge Base article 826369 which was developed to scan systems for
    the vulnerability patched by MS03-026.

    More information is now available at
    http://www.microsoft.com/technet/sec...n/MS03-039.asp

    In an effort to better communicate with our customers, Microsoft will
    also be conducting a Webcast to provide guidance on Protecting Your PC
    and details of MS03-039.
    http://www.microsoft.com/usa/webcasts/upcoming/2373.asp

    If you have any questions regarding this alert please contact your
    Technical Account Manager.

  2. #2
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    Good ta know, thanks.


    -Maestr0
    \"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier

  3. #3
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    At this moment, several underground groups are racing to get a worm out into the wild. For all of you who just went through the blaster worm remediation process, get ready for part II. I'd advise all of your admins to get patching ASAP.

    As for me, it will be a late night as I have to coordinate the distribution and certify yet another MS patch.

    Dammit!
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  4. #4
    AO Decepticon CXGJarrod's Avatar
    Join Date
    Jul 2002
    Posts
    2,038
    Also, as posted on NTBugtraq. If you apply the MS03-039 patch and run the scanner for MS03-026 the scanner will say that you have not applyed the MS03-026 patch.
    N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)

  5. #5
    Here we go again.. say hello to all those PCs you visited just the other week.

    It'd be nice if we'd been able to finish up from the RPC hole. And if we weren't constantly patching these MS products, maybe we'd be able to look at the automated deployment we need so much!

  6. #6

    New scan tool

    CXGJarrod, you posted:

    Also, as posted on NTBugtraq. If you apply the MS03-039 patch and run the scanner for MS03-026 the scanner will say that you have not applyed the MS03-026 patch.
    The Technet article on this one says that this situation is true, that scanners that scan for MS03-026 will not detect it being patched if you have this new patch only applied. Microsoft has a new scanner out that will detect both patches.

    Here is what Microsoft has to say on this:
    Microsoft has released a tool that can be used to scan a network for the presence of systems which have not had the MS03-039 patch installed. More details on this tool are available in Microsoft Knowledge Base article 827363. This tool supersedes the one provided in Microsoft Knowledge Base article 826369. If the tool provided in Microsoft Knowledge Base Article 826369 is used against a system which has installed the security patch provided with this bulletin, the superseded tool will incorrectly report that the system is missing the patch provided in MS03-026. Microsoft encourages customers to run the latest version of the tool available in Microsoft Knowledge Base article 827363 to determine if their systems are patched.
    Basically, I am just gonna sit in a corner and cry for a while. I personally patched 120 machines for this previously, and now I get to do it again!

  7. #7
    Senior Member
    Join Date
    Aug 2003
    Posts
    224
    Guys, Just wanted to know two things.

    If any of you guys would like to share a testing process for patches (other than the one MS reccomends)

    If anyone out there knows of any repercussions by this patch, PLEASE POST FOR THE SAKE OF OTHERS.................

    Thanks,
    There are many rewarding oppurtunities awaiting composure from like minds and great ideas. It in my objective to interconnect great things.

  8. #8
    Junior Member
    Join Date
    Sep 2003
    Posts
    6
    No test like production

    Seriously....we have over 5000 units, probaby 3k with XP. And while we're pretty good to go at the firewall, we got hit bad over the head by laptop users plugging into our network.

    Our desktop/helpdesk [under]staff[ed] just could not react quick enough. We're still recovering from the 1st round.....

    We don't test....we DO. And hope for the best.
    Pete Fanning

  9. #9
    Senior Member
    Join Date
    Aug 2003
    Posts
    224
    Sometimes it is best to throw a patch out into the production world if you know that others have successfully installed the patch or if you see other companies getting hit with the vulnerability. Microsoft reccomends that you test a patch in a test environment for at least two weeks before implementing into a production environment. I don' remeber where that article is, but i'm sure that it is easy to find. Here is a link that compares Hotfixes to Service packs if anyone is interested.
    http://www.microsoft.com/technet/tre...s/srvpatch.asp
    Thanks for the input.
    There are many rewarding oppurtunities awaiting composure from like minds and great ideas. It in my objective to interconnect great things.

  10. #10
    Banned
    Join Date
    Apr 2003
    Posts
    1,146

    Cool

    Yeah, I know you are supposed to test patches and updates. Normally, we do. However, in my environment (this is a horror story for another time), we just don't have the luxury of time and resources to run a two week test on a critical update while the production servers are hanging out with their collective fly open. We almost got caught on a zero-day once before and we can't afford to risk it again.

    We run a pretty vanilla shop with standard server and desktop hardware. So there are a minimal number of possible incompatible applications or systems that may be affected by the application of a critical patch or update. Our stance on vendor apps is that if a critical patch is applied and the app fails, it is placed off-line until the vendor fixes it. Security first.

    Roll-ups, SRs and such are checked out as best we can prior to putting into production. We also don't try to do too many things at once, especially on the servers. Again, time and resources play into these decisions, but the overriding criteria is security.

    We actually ran this RPCSS patch last night on all the servers. Everything seems to be fully functional and running smoothly this AM. The main thing, I think, is to keep the whole current. Not current in just the security patches, but the firmware, BIOS, the drivers, OS updates, all that.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •