| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.SGI.4.43.0307162126100.303937-100000@ix.put.poznan.pl> Date: Wed, 16 Jul 2003 21:27:27 -0700 From: Last Stage of Delirium <contact@...-pl.net> To: bugtraq@...urityfocus.com Subject: [LSD] Critical security vulnerability in Microsoft Operating Systems Hello, We have discovered a critical security vulnerability in all recent versions of Microsoft operating systems. The vulnerability affects default installations of Windows NT 4.0, Windows 2000, Windows XP as well as Windows 2003 Server. This is a buffer overflow vulnerability that exists in an integral component of any Windows operating system, the RPC interface implementing Distributed Component Object Model services (DCOM). In a result of implementation error in a function responsible for instantiation of DCOM objects, remote attackers can obtain unauthorized access to vulnerable systems. The existence of the vulnerability has been confirmed by Microsoft Corporation. The appropriate security bulletin as well as fixes for all affected platforms are available for download from http://www.microsoft.com/security/ (MS03-026). It should be emphasized that this vulnerability poses an enormous threat and appropriate patches provided by Microsoft should be immediately applied. We have decided not to publish codes or any technical details with regard to this vulnerability at the moment. With best regards, Members of The Last Stage of Delirium Research Group http://lsd-pl.net
Powered by blists - more mailing lists