Best Practices for Mitigating RPC and DCOM Vulnerabilities
This white paper is being made available to assist system administrators and technical personnel in preventing damage caused by an exploit for vulnerabilities in the RPC and DCOM sub-systems in Microsoft’s operating systems. Several such vulnerabilities have been announced in Microsoft security bulletins MS03-026 and MS03-039. The vulnerabilities affect most currently supported Microsoft operating systems. However, this paper is primarily geared to technical personnel supporting organizational networks. Consumers are encouraged to go to www.microsoft.com/protect to get information on the three steps they can follow to help protect themselves from this and other threats. Source: Microsoft.com
Windows 2000 SP4 released
Windows 2000 Service Pack 4 (SP4) provides the latest updates to the Windows 2000 operating systems. This service pack includes 669 public fixes and 6 partner-only fixes in the following areas: security, application compatibility, operating system reliability, and setup. Windows 2000 SP4 is a recommended update that includes the updates contained in previous Windows 2000 service packs. To determine whether to install Windows 2000 SP4, Microsoft recommends that you review the Windows 2000 SP4 documentation. (June 26, 2003)
Microsoft patch freezes some systems
The software giant says some customers who applied quick fixes in late 2001 and early 2002 may have problems with a recently released update. Source: CNET (March 20, 2003)
Microsoft patch for latest flaw causing problems
Microsoft's patch for the latest vulnerability in its products, a critical flaw in Windows 2000, does not appear to do the job it is supposed to do - patch the hole. Source: theage.com.au (March 19, 2003)
IE Cumulative Update Is Messy
Microsoft has released an updated cumulative IE rollup; if you distributed the original February 5 rollup, you might need to apply two additional hotfixes - one to correct the IE 6.0 authentication problem and one to restore HTML-based Help functionality in the browser. Source: Windows & .NET Magazine
Post-SP3 FRS Update Polishes Performance; and First 2003 Security Hotfix
Microsoft releases a post-Win2K SP3 FRS tune-up that addresses several inefficiencies in the original replication model, and the company issues the first security hotfix of 2003 to eliminate a buffer overflow condition. Source: Windows & .NET Magazine (Feb 5, 2003)