Check Point Advisories

Security Best Practice: Protect Yourself from DCOM vulnerabilities

Check Point Reference: SBP-2006-21
Date Published: 16 Jul 2006
Severity: Critical
Last Updated: Sunday 01 January, 2006
Source: Microsoft Security Bulletin MS03-026
Microsoft Security Bulletin MS03-039
Industry Reference:CVE-2003-0352
Protection Provided by:
Who is Vulnerable? Microsoft Windows NT Workstation 4.0
Microsoft Windows NT Server® 4.0
Microsoft Windows NT Server 4.0, Terminal Server Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Vulnerability Description The Distributed Component Object Model (DCOM) is a protocol that enables software components to communicate directly over a network. Previously called "Network OLE," DCOM is designed for use across multiple network transports, including Internet protocols such as HTTP.

There are several known and widely exploited vulnerabilities through the use of DCOM over MS-RPC.
Update/Patch AvaliableApply patches:
Microsoft Security Bulletin MS03-026
Microsoft Security Bulletin MS03-039
Vulnerability DetailsThe vulnerabilities result because the Windows RPCSS service does not properly check message inputs under certain circumstances. After establishing a connection, an attacker could send a specially crafted malformed RPC message to cause the underlying Distributed Component Object Model (DCOM) activation infrastructure in the RPCSS Service on the remote system to fail in such a way that arbitrary code could be executed.

Protection Overview

This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.