Content
(MS09-026) Microsoft Windows RPC Marshalling Engine Vulnerability (970238)
- Type
- Format String
- Impact of exploitation
- Privilege Escalation
- User Interaction
- no user interaction is needed
- Attack Vector
- Malicious remote network traffic
- Rating
- Low
- CVE reference
- CVE-2009-0568,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Windows 2000 SP4,
- Windows XP SP3,
- Windows XP X64 SP2,
- Windows 2003 SP2,
- Windows 2003 x64 SP2,
- Windows 2003 Itanium SP2,
- Windows Vista SP1,
- Windows 2008,
- Windows 2008 Itanium,
- Windows 2008 x64,
- Windows Vista SP2,
- Windows 2008 SP2,
- Windows 2008 Itanium SP2,
- Windows 2008 x64 SP2,
- Summary
- A vulnerability in Microsoft Windows may allow for remote privilege escalation attacks.
Tab Navigation
Description
A vulnerability in Microsoft Windows may allow for remote privilege escalation attacks. The flaw is specific to the use of RPC (Remote Procedure Calls) in Windows. The RPC Marshalling Engine does not update internal states in an appropriate manner. This condition can lead to certain pointers being read/accessed from an incorrect location in memory. Upon exploitation, and attacker can gain elevated privileges and potentially take full control of the compromised machine.
McAfee Product Mitigation & Recommendations
Recommendations
The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-026.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS09-026) Microsoft Windows RPC Marshalling Engine Vulnerability (970238)
- Signature identifier:
- 6770
- Release date:
- 6/9/2009
The Remedy V-Flash of June 10 contains remedies.
- Release date:
- 6/10/2009
Additional Resources
Vulnerability in RPC Could Allow Elevation of Privilege (970238)
http://www.microsoft.com/technet/security/bulletin/ms09-026.mspx
All Information
Timeline -
6/9/2009
Vendor has provided a patch.
Description -
A vulnerability in Microsoft Windows may allow for remote privilege escalation attacks. The flaw is specific to the use of RPC (Remote Procedure Calls) in Windows. The RPC Marshalling Engine does not update internal states in an appropriate manner. This condition can lead to certain pointers being read/accessed from an incorrect location in memory. Upon exploitation, and attacker can gain elevated privileges and potentially take full control of the compromised machine.
McAfee Product Mitigation & Recommendations
Recommendations -
The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-026.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS09-026) Microsoft Windows RPC Marshalling Engine Vulnerability (970238)
- Signature identifier:
- 6770
- Release date:
- 6/9/2009
The Remedy V-Flash of June 10 contains remedies.
- Release date:
- 6/10/2009
Additional Resources
Additional Resources -
Vulnerability in RPC Could Allow Elevation of Privilege (970238)
http://www.microsoft.com/technet/security/bulletin/ms09-026.mspx
