• info
• discussion
• exploit
• solution
• references

Microsoft Remote Procedure Call Service DoS Vulnerability

Solution:
Microsoft has released the following patches which rectify this issue. Please note that the Security Rollup Package for Windows NT 4.0 require SP6a to be installed. Additional information on this Rollup Package can be found in the reference section of this entry.

Microsoft has released an update to thir advisory MS01-041 reporting the Exchange Server and related fixes. Please see the referenced advisory for more information and details on obtaining fixes.


Microsoft Exchange Server 5.0 SP2

• Microsoft Security Update for Exchange 5.0 (KB834130)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=164610A4-AAFC -40AC-85CA-349DBDBE1731&displaylang=en

Microsoft Windows 2000 Server SP2

• Microsoft Q298012
  http://download.microsoft.com/download/win2000platform/Patch/Q298012/N T5/EN-US/Q298012_W2K_SP3_x86_en.EXE

Microsoft SQL Server 7.0 SP3

• Microsoft Q298012
  http://download.microsoft.com/download/sql70/Hotfix/Q298012/WIN98MeXP/ EN-US/Q298012_SQL70SP2_x86_en.exe

Microsoft Windows 2000 Advanced Server SP1

• Microsoft Q298012
  http://download.microsoft.com/download/win2000platform/Patch/Q298012/N T5/EN-US/Q298012_W2K_SP3_x86_en.EXE

Microsoft Windows 2000 Advanced Server SP2

• Microsoft Q298012
  http://download.microsoft.com/download/win2000platform/Patch/Q298012/N T5/EN-US/Q298012_W2K_SP3_x86_en.EXE

Microsoft Windows NT Server 4.0 SP6a

• Microsoft Q299444i
  http://download.microsoft.com/download/winntsp/Patch/q299444/NT4/EN-US /Q299444i.exe

Microsoft Exchange Server 5.5 SP4

• Microsoft Q304062
  http://download.microsoft.com/download/exch55/Patch/5.5.2654.51/NT45/E N-US/Q304062engi386.EXE

Microsoft Exchange Server 2000

• Microsoft Q304063
  http://download.microsoft.com/download/exchangeentserver/Patch/06.00.0 6.4419/NT5/EN-US/Q304063engi386.EXE

Microsoft Windows NT Terminal Server 4.0 SP6

• Microsoft Q317636i
  http://download.microsoft.com/download/winntterminal/Patch/Q317636/NT4 /EN-US/Q317636i.EXE

Microsoft Windows 2000 Server SP1

• Microsoft Q298012
  http://download.microsoft.com/download/win2000platform/Patch/Q298012/N T5/EN-US/Q298012_W2K_SP3_x86_en.EXE

Microsoft Exchange Server 2000 SP1

• Microsoft Q304063
  http://download.microsoft.com/download/exchangeentserver/Patch/06.00.0 6.4419/NT5/EN-US/Q304063engi386.EXE

Microsoft SQL Server 2000 SP1

• Microsoft Q298012
  http://download.microsoft.com/download/SQLSVR2000/Hotfix/Q298012/WIN98 MeXP/EN-US/Q298012_SQL2000_x86_en.exe

Microsoft Windows 2000 Advanced Server

• Microsoft Q298012
  http://download.microsoft.com/download/win2000platform/Patch/Q298012/N T5/EN-US/Q298012_W2K_SP3_x86_en.EXE

Microsoft Windows 2000 Server

• Microsoft Q298012
  http://download.microsoft.com/download/win2000platform/Patch/Q298012/N T5/EN-US/Q298012_W2K_SP3_x86_en.EXE

Microsoft Windows NT Workstation 4.0 SP6a

• Microsoft Q299444i
  http://download.microsoft.com/download/winntsp/Patch/q299444/NT4/EN-US /Q299444i.exe

Microsoft Windows 2000 Professional SP2

• Microsoft Q298012
  http://download.microsoft.com/download/win2000platform/Patch/Q298012/N T5/EN-US/Q298012_W2K_SP3_x86_en.EXE

Microsoft SQL Server 7.0 SP2

• Microsoft Q298012
  http://download.microsoft.com/download/sql70/Hotfix/Q298012/WIN98MeXP/ EN-US/Q298012_SQL70SP2_x86_en.exe

Microsoft Windows 2000 Professional

• Microsoft Q298012
  http://download.microsoft.com/download/win2000platform/Patch/Q298012/N T5/EN-US/Q298012_W2K_SP3_x86_en.EXE

Microsoft SQL Server 2000

• Microsoft Q298012
  http://download.microsoft.com/download/SQLSVR2000/Hotfix/Q298012/WIN98 MeXP/EN-US/Q298012_SQL2000_x86_en.exe

Microsoft Windows 2000 Professional SP1

• Microsoft Q298012
  http://download.microsoft.com/download/win2000platform/Patch/Q298012/N T5/EN-US/Q298012_W2K_SP3_x86_en.EXE

Microsoft Windows NT Enterprise Server 4.0 SP6a

• Microsoft Q299444i
  http://download.microsoft.com/download/winntsp/Patch/q299444/NT4/EN-US /Q299444i.exe