Multiple Vulnerabilities in Microsoft Windows RPC/DCOM

Reported April 13, 2004, by Microsoft.






·         Windows Server 2003

·         Windows XP

·         Windows 2000 Server

·         Windows NT Server 4.0 Service Pack (SP) 6a

·         Windows NT Server 4.0, Terminal Server Edition (WTS) SP6

·         Windows NT Workstation 4.0 SP6a

·         Windows Me

·         Windows 9x




Several new vulnerabilities exist in Microsoft remote procedure call/Distributed COM (RPC/DCOM), the most serious of which could result in the execution of arbitrary code on the vulnerable system. These four new vulnerabilities consist of

·         RPC Runtime Library vulnerability

·         Remote Procedure Call Subsystem Service (RPCSS) vulnerability

·         COM Internet Services—RPC over HTTP vulnerability

·         Object identity vulnerability




Microsoft has released Microsoft Security Bulletin MS04-012, "Cumulative Update for Microsoft RPC/DCOM," to address these vulnerabilities and recommends that affected users immediately apply the appropriate patch listed in the bulletin.




Discovered by eEye Digital Security, Qualsys and Todd Sabin.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.