Report from LSD-PL.net (English)

"The LSD Research Group was able to create proof of concept codes for this issue, which allowed for remote attack resulting in execution of any commands on vulnerable Windows systems with SYSTEM privileges (the highest level of access in Windows). The vulnerability is also exploitable in the case of Windows 2003 Server, regardless of the buffer overflow prevention mechanism it has been equipped with."

"Description

"This is a stack buffer overflow vulnerability that exists in an integral component of any modern Windows operating system, an RPC interface implementing Distributed Component Object Model services (DCOM). In a result of implementation error in a function responsible for instantiation of DCOM objects, remote attackers can obtain remote access to vulnerable systems.

"The internal experiments conducted in the LSD labs confirmed that this vulnerability affects all default installations of Windows 2000 (sp 1-4), Windows XP (sp 1) and Windows 2003 Server (regardless of the service packs installed). According to definitely more extensive tests performed by Microsoft (security bulletin), Windows NT 4.0 and Windows NT 4.0 Terminal Services Edition are also vulnerable to this threat. "

Aren't you glad you're running Linux on your servers? Here's the LSD list of Linux bugs.

- Willy Smith, reporting from Costa Rica