In July, Microsoft released a critical security fix, warning users that attackers could use the specified vulnerability to take over users' systems and wreak havoc on the Internet. A month later, the infamous MSBlaster worm exploited that vulnerability. Yesterday, Microsoft released another critical security fix, this one for a vulnerability that's painfully similar to the one that led to MSBlaster. If you didn't feel sufficiently warned the first time around, take this warning to heart: You need to install this fix immediately.
The fix, one of three detailed in Microsoft Security Bulletin MS03-039 (Buffer Overrun In RPCSS Service Could Allow Code Execution), supersedes and includes the fix for the earlier vulnerability, detailed in Microsoft Security Bulletin MS03-026 (Buffer Overrun In RPC Interface Could Allow Code Execution). As with the original vulnerability, the new vulnerability that MS03-039 fixes involves the remote procedure call (RPC) technology in various NT-based Windows versions, including Windows Server 2003, Windows XP, Windows 2000, NT Workstation 4.0, NT Server 4.0, and NT Server 4.0, Terminal Server Edition (WTS).
If you have a recent Windows version, you can simply download the patch from Windows Update or Auto Update, features that are included with your OS. For more information about the security patch or the other tools Microsoft offers to protect your system, visit the Microsoft Web site.