• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft MSDTC COM+ Remote Code Execution Vulnerability

Microsoft Windows is prone to a vulnerability in the COM+ (Component Object Model) functionality of the MSDTC (Microsoft Distribution Transaction Coordinator) service. This issue may permit remote and local attackers to execute arbitrary code in the context of the service.

This issue may be exploited by remote anonymous attackers on Windows 2000 platforms. On Windows XP versions up to and including SP1, the attacker must authenticate as the Guest or another account prior to exploitation. On Windows XP SP2 and all Windows Server 2003 operating systems, this issue is limited to local privilege escalation.

Update: Microsoft reports several systems have experienced one or more problems after installing the critical update from Microsoft Security Bulletin MS05-051 for this issue. For a more detailed explanation of these problems please see the attached microsoft knowledge base article 909444.