A new exploit might take advantage of problems in RPC on Windows XP Service Pack 1 (SP1) and Windows 2000 SP4 systems. A successful attack might lead to a Denial of Service (DoS) condition. The vulnerability can be exploited by sending specially crafted Universal Plug and Play (UPnP) requests. A memory allocation error occurs when such requests are processed by remote procedure calls (RPCs).
Microsoft Security Advisory (911052), "Memory Allocation Denial of Service Via RPC," published November 16, says that the company is aware of the potential for exploitation and includes information about possible workarounds and defensive measures. Microsoft also said that it'is investigating the problem and might eventually release a security update.
Microsoft said that systems using XP SP2 and Windows Server 2003 aren't affected by this vulnerability. You can read further details in the advisory.
