|
Microsoft远程过程调用存在拒绝服务攻击漏洞
受影响系统:
-----------------------------------------------------------------------
---------
Microsoft Exchange Server 5.5SP4
- Microsoft Windows NT 4.0SP7
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP6a
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP6
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP5
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP4
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP3
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP2
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
- Microsoft Windows 2000 SP2
- Microsoft Windows 2000 SP1
- Microsoft Windows 2000
- Microsoft BackOffice 4.5
- Microsoft Windows NT 4.0
Microsoft Exchange Server 5.5SP3
- Microsoft Windows NT 4.0SP7
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP6a
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP6
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP5
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP4
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP3
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP2
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
- Microsoft Windows 2000 SP2
- Microsoft Windows 2000 SP1
- Microsoft Windows 2000
- Microsoft BackOffice 4.5
- Microsoft Windows NT 4.0
Microsoft Exchange Server 5.5SP2
- Microsoft Windows NT 4.0SP7
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP6a
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP6
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP5
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP4
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP3
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP2
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
- Microsoft Windows 2000 SP2
- Microsoft Windows 2000 SP1
- Microsoft Windows 2000
- Microsoft BackOffice 4.5
- Microsoft Windows NT 4.0
Microsoft Exchange Server 5.5SP1
- Microsoft Windows NT 4.0SP7
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP6a
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP6
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP5
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP4
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP3
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP2
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
- Microsoft Windows 2000 SP2
- Microsoft Windows 2000 SP1
- Microsoft Windows 2000
- Microsoft BackOffice 4.5
- Microsoft Windows NT 4.0
Microsoft Exchange Server 5.5
- Microsoft Windows NT 4.0SP7
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP6a
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP6
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP5
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP4
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP3
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP2
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
- Microsoft Windows 2000 SP2
- Microsoft Windows 2000 SP1
- Microsoft Windows 2000
- Microsoft BackOffice 4.5
- Microsoft Windows NT 4.0
Microsoft Exchange Server 2000 SP1
- Microsoft Windows 2000 SP2
- Microsoft Windows 2000 SP1
- Microsoft Windows 2000
Microsoft Exchange Server 2000
- Microsoft Windows 2000 SP2
- Microsoft Windows 2000 SP1
- Microsoft Windows 2000
Microsoft SQL Server 7.0
- Microsoft Windows NT 4.0SP7
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP6a
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP6
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP5
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP4
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP3
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP2
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
- Microsoft BackOffice 4.5
- Microsoft Windows NT 4.0
Microsoft SQL Server 2000 Service Pack 1
- Microsoft Windows NT 4.0SP7
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP6a
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP6
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP5
+ Microsoft Windows NT 4.0
- Microsoft Windows 2000 SP2
- Microsoft Windows 2000 SP1
- Microsoft Windows 2000
Microsoft SQL Server 2000
- Microsoft Windows NT 4.0SP7
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP6a
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP6
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP5
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
- Microsoft Windows 2000 SP2
- Microsoft Windows 2000 SP1
- Microsoft Windows 2000
Microsoft SQL Server 7.0 Service Pack 3.0
- Microsoft SQL Server 7.0
- Microsoft Windows NT 4.0SP7
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP6a
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP6
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP5
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP4
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP3
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP2
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
- Microsoft BackOffice 4.5
- Microsoft Windows NT 4.0
Microsoft SQL Server 7.0 Service Pack 2.0
- Microsoft SQL Server 7.0
- Microsoft Windows NT 4.0SP7
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP6a
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP6
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP5
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP4
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP3
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP2
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
- Microsoft BackOffice 4.5
- Microsoft Windows NT 4.0
Microsoft SQL Server 7.0 Service Pack 1.0
- Microsoft SQL Server 7.0
- Microsoft Windows NT 4.0SP7
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP6a
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP6
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP5
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP4
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP3
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP2
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
- Microsoft BackOffice 4.5
- Microsoft Windows NT 4.0
Microsoft Windows 2000 SP2
Microsoft Windows 2000 SP1
Microsoft Windows 2000
Microsoft Windows NT 4.0SP7
+ Microsoft Windows NT 4.0
Microsoft Windows NT 4.0SP6a
+ Microsoft Windows NT 4.0
Microsoft Windows NT 4.0SP6
+ Microsoft Windows NT 4.0
Microsoft Windows NT 4.0SP5
+ Microsoft Windows NT 4.0
Microsoft Windows NT 4.0SP4
+ Microsoft Windows NT 4.0
Microsoft Windows NT 4.0SP3
+ Microsoft Windows NT 4.0
Microsoft Windows NT 4.0SP2
+ Microsoft Windows NT 4.0
Microsoft Windows NT 4.0SP1
+ Microsoft Windows NT 4.0
Microsoft Windows NT 4.0
不受影响的系统:
-----------------------------------------------------------------------
---------
漏洞内容:
-----------------------------------------------------------------------
---------
WINDOWS在部分RPC服务stub中的接口定义和远程服务的输入验证代码
存在矛盾,如果部分输入由接口定义来验证,这样就会造成目标服务
会不正确验证输入,因此,会影响服务性能和其他引用程序的运行。
与RPC服务相关的有Exchange, SQL, Windows NT 4.0 和 Windows 2000 存在此漏
洞。
攻击实例:
-----------------------------------------------------------------------
---------
尚无
解决方案:
-----------------------------------------------------------------------
---------
下载补丁:
Microsoft Exchange Server 5.5SP4:
Microsoft patch Q304062engi386
http://download.microsoft.com/download/exch55/Patch/5.5.2654.51/NT45/EN
-US/Q304062engi386.EXE
Microsoft Exchange Server 2000 SP1:
Microsoft patch Q304063engi386
http://download.microsoft.com/download/exchangeentserver/Patch/06.00.06
.4419/NT5/EN-US/Q304063engi386.EXE
Microsoft Exchange Server 2000:
Microsoft patch Q304063engi386
http://download.microsoft.com/download/exchangeentserver/Patch/06.00.06
.4419/NT5/EN-US/Q304063engi386.EXE
Microsoft SQL Server 2000 Service Pack 1:
Microsoft patch Q298012_SQL2000_x86_en
http://download.microsoft.com/download/SQLSVR2000/Hotfix/Q298012/WIN98M
eXP/EN-US/Q298012_SQL2000_x86_en.exe
Microsoft SQL Server 2000:
Microsoft patch Q298012_SQL2000_x86_en
http://download.microsoft.com/download/SQLSVR2000/Hotfix/Q298012/WIN98M
eXP/EN-US/Q298012_SQL2000_x86_en.exe
Microsoft SQL Server 7.0 Service Pack 3.0:
Microsoft patch Q298012_SQL70SP2_x86_en
http://download.microsoft.com/download/sql70/Hotfix/Q298012/WIN98MeXP/E
N-US/Q298012_SQL70SP2_x86_en.exe
Microsoft SQL Server 7.0 Service Pack 2.0:
Microsoft patch Q298012_SQL70SP2_x86_en
http://download.microsoft.com/download/sql70/Hotfix/Q298012/WIN98MeXP/E
N-US/Q298012_SQL70SP2_x86_en.exe
Microsoft Windows 2000 SP2:
Microsoft patch Q298012_W2K_SP3_x86_en
http://download.microsoft.com/download/win2000platform/Patch/Q298012/NT
5/EN-US/Q298012_W2K_SP3_x86_en.EXE
Microsoft Windows 2000 SP1:
Microsoft patch Q298012_W2K_SP3_x86_en
http://download.microsoft.com/download/win2000platform/Patch/Q298012/NT
5/EN-US/Q298012_W2K_SP3_x86_en.EXE
Microsoft Windows 2000 :
Microsoft patch Q298012_W2K_SP3_x86_en
http://download.microsoft.com/download/win2000platform/Patch/Q298012/NT
5/EN-US/Q298012_W2K_SP3_x86_en.EXE |