Microsoft KB Archive/298012

= MS01-041: Malformed RPC request can cause service problems =

Article ID: 298012

Article Last Modified on 3/22/2007

-

APPLIES TO


 * Microsoft Windows NT Server 4.0, Terminal Server Edition Service Pack 4
 * Microsoft Windows NT Server 4.0, Terminal Server Edition Service Pack 5
 * Microsoft Windows NT Server 4.0, Terminal Server Edition Service Pack 6
 * Microsoft Windows 2000 Service Pack 1
 * Microsoft Windows 2000 Service Pack 2
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Service Pack 1
 * Microsoft Windows 2000 Service Pack 2
 * Microsoft Exchange Server 5.5 Standard Edition
 * Microsoft Exchange Server 5.5 Service Pack 1
 * Microsoft Exchange Server 5.5 Service Pack 2
 * Microsoft Exchange Server 5.5 Service Pack 3
 * Microsoft Exchange Server 5.5 Service Pack 4
 * Microsoft Exchange Server 2000 Service Pack 1
 * Microsoft Windows NT Server 4.0 Standard Edition
 * Microsoft Windows NT 4.0 Service Pack 1
 * Microsoft Windows NT 4.0 Service Pack 2
 * Microsoft Windows NT 4.0 Service Pack 3
 * Microsoft Windows NT 4.0 Service Pack 4
 * Microsoft Windows NT 4.0 Service Pack 5
 * Microsoft Windows NT 4.0 Service Pack 6a
 * Microsoft Windows NT Server 4.0 Enterprise Edition
 * Microsoft Windows NT 4.0 Service Pack 4
 * Microsoft Windows NT 4.0 Service Pack 5
 * Microsoft Windows NT 4.0 Service Pack 6a
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Workstation 4.0
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Exchange 2000 Enterprise Server
 * Microsoft SQL Server 7.0 Standard Edition
 * Microsoft SQL Server 7.0 Service Pack 1
 * Microsoft SQL Server 7.0 Service Pack 2
 * Microsoft SQL Server 2000 Standard Edition

-



This article was previously published under Q298012



SYMPTOMS
A denial-of-service vulnerability exists in the Microsoft products that are listed at the beginning of this article. This vulnerability can disrupt a server's ability to service legitimate users' requests if a specially malformed request is received.

The results of exploiting this vulnerability could vary, depending on the particular request and to which of the affected services the attacker could send the request. If best practices have been followed, an attacker on the Internet would be unable to send such a request to any of the affected services.



CAUSE
This vulnerability exists because the Remote Procedure Call (RPC) server stubs that are associated with certain services in the affected products do not correctly validate incoming requests before passing them to the associated service. This could enable a request to be passed to a service that would cause problems with the service.



Windows 2000
To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to obtain the latest Windows 2000 service pack

The English version of this fix should have the following file attributes or later:

Date       Time        Version          Size      File name --- 5/17/2001  02:33p    2000.2.3479.0      166,160   Catsrv.dll 6/28/2001  05:31p    2000.2.3479.0      575,760   Catsrvut.dll 5/17/2001  02:33p    2000.2.3479.0       96,016   Clbcatex.dll 5/17/2001  02:33p    2000.2.3479.0      508,688   Clbcatq.dll 5/17/2001  02:33p    2000.2.3479.0       37,648   Colbact.dll 5/17/2001  02:33p    2000.2.3479.0      201,488   Comadmin.dll 6/28/2001  05:31p    2000.2.3479.0    1,417,488   Comsvcs.dll 5/17/2001  02:33p    2000.2.3479.0      625,936   Comuid.dll 6/28/2001  05:31p    5.131.2195.3789    442,640   Cryptui.dll 6/21/2001  12:31a    5.0.2195.3759      270,608   Dhcpssvc.dll 5/4/2001   05:00p         -                9679   Dtcsetup.cat 5/4/2001   05:00p    2000.2.3479.0      822,600   Dtcsetup.exe 5/17/2001  02:33p    2000.2.3479.0      234,256   Es.dll 7/9/2001   06:38p    5.0.2195.3831       48,912   Llsrpc.dll 7/9/2001   01:40p    5.0.2195.3831       82,192   Llssrv.exe 5/17/2001  02:33p    5.0.0.720          278,800   Mq1repl.dll 2/28/2001  06:47p    5.0.0.720           14,096   Mq1sync.exe 5/29/2001  03:22p    5.0.0.735           71,120   Mqac.sys 5/17/2001  02:33p    5.0.0.721          21,4288   Mqads.dll 2/28/2001  06:47p    5.0.0.720           21,776   Mqbkup.exe 5/17/2001  02:33p    5.0.0.720           29,456   Mqcertui.dll 5/17/2001  02:33p    5.0.0.720           49,424   Mqclus.dll 5/17/2001  02:33p    5.0.0.720           29,968   Mqdbodbc.dll 5/17/2001  02:33p    5.0.0.720           75,536   Mqdscli.dll 5/17/2001  02:33p    5.0.0.720           41,744   Mqdssrv.dll 2/28/2001  06:47p    5.0.0.720           98,064   Mqmig.exe 5/17/2001  02:33p    5.0.0.720          263,952   Mqmigrat.dll 5/17/2001  02:33p    5.0.0.720          223,504   Mqoa.dll 5/17/2001  02:33p    5.0.0.720             7952   Mqperf.dll 5/30/2001  05:16p    5.0.0.735          414,992   Mqqm.dll 5/17/2001  02:33p    5.0.0.720             8464   Mqrperf.dll 5/30/2001  05:16p    5.0.0.735           91,920   Mqrt.dll 5/17/2001  02:33p    5.0.0.720           70,416   Mqsec.dll 5/17/2001  02:33p    5.0.0.720          400,144   Mqsnap.dll 12/28/2001 06:48p    5.0.0.720           14,096   Mqsvc.exe 5/17/2001  02:33p    5.0.0.720           24,336   Mqupgrd.dll 5/17/2001  02:33p    5.0.0.720          107,792   Mqutil.dll 6/28/2001  05:31p    2000.2.3479.0      681,744   Msdtcprx.dll 6/28/2001  05:31p    2000.2.3479.0   1,121,040    Msdtctm.dll 5/17/2001  02:33p    2000.2.3479.0      145,680   Msdtcui.dll 5/17/2001  02:33p    5.0.0.720           64,784   Msmq.cpl 5/17/2001  02:33p    5.0.0.720          159,504   Msmqocm.dll 5/4/2001   05:04p    2000.2.3479.0      151,312   Mtstocom.exe 5/17/2001  02:33p    2000.2.3479.0       52,496   Mtxclu.dll 5/17/2001  02:33p    2000.2.3479.0       23,824   Mtxdm.dll 6/28/2001  05:31p    2000.2.3479.0      104,208   Mtxoci.dll 6/2/2001   12:23p    5.0.2195.3669       17,168   Nddeapi.dll 5/30/2001  04:31p    5.0.2195.3655         4880   Nddeapir.exe 6/2/2001   12:22p    5.0.2195.3669      108,816   Netdde.exe 5/4/2001   12:05p    5.0.2195.2951    1,684,928   Ntkrnlmp.exe 5/4/2001   12:05p    5.0.2195.2951    1,684,672   Ntkrnlpa.exe 5/4/2001   12:05p    5.0.2195.2951    1,705,280   Ntkrpamp.exe 6/13/2001  11:13a    5.0.2195.3728         6928   Ntlsapi.dll 5/4/2001   12:05p    5.0.2195.2951    1,713,232   Ntoskrnl.exe 5/17/2001  02:33p    5.0.2195.3506      138,000   Nwprovau.dll 5/17/2001  02:33p    5.0.2195.3448       60,688   Nwwks.dll 7/9/2001   06:38p    5.0.2195.3761      940,304   Ole32.dll 5/4/2001   12:05p    5.0.2195.2780       56,080   Rasman.dll 5/4/2001   12:05p    5.0.2195.2728      150,800   Rasmans.dll 5/4/2001   12:05p    5.0.2195.2671       54,032   Rastapi.dll 7/9/2001   06:38p    5.0.2195.3831      427,792   Rpcrt4.dll 7/9/2001   06:38p    5.0.2195.3761      185,104   Rpcss.dll 5/4/2001   12:05p    5.0.2195.2896       94,320   Sfc.dll 5/22/2001  02:05p        -            1,038,823   Sp2.cat 5/17/2001  02:33p    5.0.2195.3555       62,736   Spoolss.dll 4/30/2001  07:46p    5.0.2195.3555       45,840   Spoolsv.exe 5/4/2001   12:05p    5.0.2195.2780      240,208   Srv.sys 5/4/2001   12:05p    5.0.2195.2904       81,168   Srvsvc.dll 12/20/2000 11:43a    5.0.2195.3091         3856   Svcpack1.dll 6/28/2001  05:31p    5.0.2195.3753       53,520   Trksvr.dll 6/28/2001  05:31p    2000.2.3479.0      383,248   Txfaux.dll 5/4/2001   12:05p    5.0.2195.2780       97,552   Wkssvc.dll

Note The COM+ binaries that are shipped with this fix cause a large memory leak. Microsoft recommends that you install COM+ hotfix rollup package 18.1. To download this package, visit the following Microsoft Web site:

http://download.microsoft.com/download/win2000platform/patch/q313582/nt5/en-us/q313582_w2k_sp3_x86_en.exe

Windows NT 4.0
To resolve this problem, obtain the Windows NT 4.0 Security Rollup Package. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

299444 Post-Windows NT 4.0 Service Pack 6a Security Rollup Package (SRP)

Windows NT Server 4.0, Terminal Server Edition
To resolve this problem, obtain the Windows NT Server 4.0, Terminal Server Edition, Security Rollup Package (SRP). For additional information about the SRP, click the article number below to view the article in the Microsoft Knowledge Base:

317636 Windows NT Server 4.0, TerminalServer Edition, Security Rollup Package

SQL Server 2000
To resolve this problem, obtain the latest service pack for SQL Server 2000. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

290211 How to obtain the latest SQL Server 2000 service pack

For your convenience, this individual fix is also available for downloading from the Microsoft Download Center:

Download Q298012_sql2000_x86_en.exe now

Release Date: July 26, 2001

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

The English version of this fix should have the following file attributes or later:   Date         Time   Version        Size    File name ---  20-Oct-2000  19:06  2000.80.213.0  28,727  Dbmsrpcn.dll 20-Oct-2000 19:06  2000.80.213.0  32,823  Ssmsrp70.dll

SQL Server 7.0
To resolve this problem, obtain the latest service pack for SQL Server 7.0. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

301511 How to obtain the latest SQL Server 7.0 service pack

For your convenience, this individual fix is also available for downloading from the Microsoft Download Center:

Download Q298012_sql70sp2_x86_en.exe now

Release Date: July 26, 2001

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

The English version of this fix should have the following file attributes or later:   Date         Time   Version       Size    File name --  20-Oct-2000  20:48  2000.10.20.0  28,944  Dbmsrpcn.dll 20-Oct-2000 20:48  2000.10.20.0  33,040  Ssmsrp70.dll

Exchange 2000 Server
To resolve this problem, obtain the latest service pack for Microsoft Exchange 2000 Server. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

301378 How to obtain the latest Exchange 2000 Server service pack

For your convenience, an individual fix is also available for downloading from the Microsoft Download Center. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

304063 XGEN: Exchange 2000 Server Post-RTM RPC Fixes

Exchange Server 5.5
For additional information about how to obtain this patch, click the article number below to view the article in the Microsoft Knowledge Base:

304062 XGEN: Exchange Server 5.5 Post-SP4 RPC Fixes



Windows 2000
Microsoft has confirmed that this problem may cause a degree of security vulnerability in Microsoft Windows 2000. This problem was first corrected in Windows 2000 Service Pack 3.

Windows NT 4.0
Microsoft has confirmed that this problem may cause a degree of security vulnerability in Microsoft Windows NT 4.0.

SQL Server 2000
Microsoft has confirmed that this problem may cause a degree of security vulnerability in Microsoft SQL Server 2000. This problem was first corrected in Microsoft SQL Server 2000 Service Pack 1.

SQL Server 7.0
Microsoft has confirmed that this problem may cause a degree of security vulnerability in Microsoft SQL Server 7.0. This problem was first corrected in Microsoft SQL Server 7.0 Service Pack 3.

Exchange 2000 Server
Microsoft has confirmed that this problem may cause a degree of security vulnerability in Microsoft Exchange 2000 Server. This problem was first corrected in Microsoft Exchange 2000 Server Service Pack 1.

Exchange Server 5.5
Microsoft has confirmed that this problem may cause a degree of security vulnerability in Microsoft Exchange Server 5.5.



MORE INFORMATION
For additional information about this vulnerability, see the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/ms01-041.mspx

For additional information about how to obtain a hotfix for Windows 2000 Datacenter Server, click the article number below to view the article in the Microsoft Knowledge Base:

265173 The Datacenter Program and Windows 2000 Datacenter Server Product

For more information about how to install multiple hotfixes with only one reboot, click the following article number to view the article in the Microsoft Knowledge Base:

296861 How to install multiple Windows updates or hotfixes with only one reboot

Additional query words: security_patch kbWin2000srp1 tsesrp kbsecvulnerability kbsechack kbsecbulletin

Keywords: kbbug kbfix kbwin2000presp3fix kbqfe kbsqlserv2000sp1fix kbwin2000sp3fix kbsecurity kbhotfixserver KB298012

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.