|
Family: Windows : Microsoft Bulletins --> Category: infos
Vulnerability in RPC Runtime Library Could Allow Information Disclosure and Denial of Service (873350) Vulnerability Scan
Vulnerability Scan Summary Acertains if hotfix 873350 has been installed
Detailed Explanation for this Vulnerability Test
Synopsis :
It is possible to crash the remote web server or retrieve sensitive information.
Description :
The remote Windows operating system contains a bug in RPC Runtime Library.
RPC is a protocol used by Windows to provide an inter-process communication
mechanism which allows a program running on one system to access services on
another one.
A bug affecting the implementation of this protocol may allow a possible hacker
to cause it to crash, thus resulting in a crash of the whole operating system,
or to disclose random parts of the memory of the remote host.
A possible hacker may exploit this flaw to obtain sensitive information about the
remote host, by forcing it to disclose portions of memory containing passwords,
or to cause it to crash repeatedly, thus causing a denial of service for
legitimate users.
Solution :
Microsoft has released a patch for Windows NT:
http://www.microsoft.com/technet/security/bulletin/ms04-029.mspx
Threat Level:
High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/A:C/I:N/B:A)
Click HERE for more information and discussions on this network vulnerability scan.
|