Critical Flaw Leaves Windows Server 2003 Vulnerable

Microsoft issues a patch for the first serious vulnerability to be found in Windows Server 2003, which gives attackers complete control of a compromised machine.

Microsoft Corp. has issued a patch for the first serious vulnerability to be found in the Windows Server 2003 software, which company officials have said is their most secure OS yet.

Although this is actually the fourth flaw to affect Windows 2003, it is the first one to be rated critical. The others were rated moderate risks because they didnt affect default configurations of the software.

This vulnerability is found in a portion of the Remote Procedure Call (RPC) protocol that handles message exchanges over TCP/IP. The vulnerability, which arises because of incorrect handling of error messages, affects a particular Distributed Component Object Model interface with RPC.

The interface handles DCOM object activation requests sent by client machines to the server, Microsoft said in its bulletin. A successful exploitation of this flaw would give an attacker the ability to run code with local system privileges on the compromised machine. This would give the attacker complete control of the system.

In addition to applying the patch for this vulnerability, Microsoft officials recommend that customers block TCP port 135, the port on which RPC listens.

Company officials said they believe they have identified the procedural breakdown that allowed this vulnerability to creep into Windows Server 2003.

"Our failure to find and fix this in the security push is a process issue. Were updating our automated code scanning tool to find this problem," said Jeff Jones, senior director of marketing for Trustworthy Computing at Microsoft in Redmond, Wash. "Our target was to have zero vulnerabilities [in Windows Server 2003], but realistically we knew it was coming at some point."

The patch for this flaw, which also affects Windows NT 4.0, 2000 and XP, is located here.

Microsoft also issued patches for two other vulnerabilities on Wednesday. The first is a flaw in the Windows shell in Windows XP that allows an attacker to run code on vulnerable machines. The problem is in a function used by the shell to extract custom attribute information from certain folders. That patch is here.

The final vulnerability is in the Internet Security and Acceleration server, Microsofts firewall software. There is a cross-site scripting flaw in many of the error pages the ISA server generates. Exploiting this weakness would give an attacker the ability to execute code of the users machine. The patch for this flaw is located here.