Microsoft KB Archive/933729

= MS07-058: Vulnerabilities in RPC could allow denial of service =

Article ID: 933729

Article Last Modified on 11/1/2007

-

APPLIES TO

 Windows Vista Ultimate Windows Vista Enterprise Windows Vista Business Windows Vista Home Premium Windows Vista Home Basic Windows Vista Starter Windows Vista Ultimate 64-bit Edition Windows Vista Enterprise 64-bit Edition</li> Windows Vista Business 64-bit Edition</li> Windows Vista Home Premium 64-bit Edition</li> Windows Vista Home Basic 64-bit Edition</li> Microsoft Windows XP Service Pack 1, when used with: <ul> Microsoft Windows XP Tablet PC Edition 2005</li></ul>

<ul> Microsoft Windows XP Media Center Edition 2005</li></ul>

<ul> Microsoft Windows XP Home Edition</li></ul>

<ul> Microsoft Windows XP Professional</li></ul> </li> Microsoft Windows XP Service Pack 2, when used with: <ul> Microsoft Windows XP Tablet PC Edition 2005</li></ul>

<ul> Microsoft Windows XP Media Center Edition 2005</li></ul>

<ul> Microsoft Windows XP Home Edition</li></ul>

<ul> Microsoft Windows XP Professional</li></ul> </li> Microsoft Windows Server 2003 Service Pack 1, when used with: <ul> Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems</li></ul>

<ul> Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems</li></ul>

<ul> <li>Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)</li></ul>

<ul> <li>Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)</li></ul>

<ul> <li>Microsoft Windows Server 2003, Standard Edition (32-bit x86)</li></ul>

<ul> <li>Microsoft Windows Server 2003, Web Edition</li></ul> </li> <li>Microsoft Windows Server 2003 Service Pack 2, when used with: <ul> <li>Microsoft Windows XP Professional x64 Edition</li></ul>

<ul> <li>Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems</li></ul>

<ul> <li>Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems</li></ul>

<ul> <li>Microsoft Windows Server 2003, Datacenter x64 Edition</li></ul>

<ul> <li>Microsoft Windows Server 2003, Enterprise x64 Edition</li></ul>

<ul> <li>Microsoft Windows Server 2003, Standard x64 Edition</li></ul>

<ul> <li>Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)</li></ul>

<ul> <li>Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)</li></ul>

<ul> <li>Microsoft Windows Server 2003, Standard Edition (32-bit x86)</li></ul>

<ul> <li>Microsoft Windows Server 2003, Web Edition</li></ul> </li> <li>Microsoft Windows 2000 Advanced Server</li> <li>Microsoft Windows 2000 Datacenter Server</li> <li>Microsoft Windows 2000 Professional Edition</li> <li>Microsoft Windows 2000 Service Pack 4</li></ul>

-

<div class="summary_section">

INTRODUCTION
Microsoft has released security bulletin MS07-058. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites: <ul> <li>Home users:

http://www.microsoft.com/protect/computer/updates/bulletins/200710.mspx

</li> <li>IT professionals:

http://www.microsoft.com/technet/security/bulletin/ms07-058.mspx

</li></ul>

Known issues with this security update
After you apply this security update on a Windows Server 2003 Service Pack 1-based computer, an access violation error may occur in the W3wp.exe process. This problem may occur if the remote procedure call (RPC) over HTTP proxy networking component is enabled.

When this problem occurs, the following events are logged in the Application log: Event Type: Error

Event Source: Application Error

Event Category: (100)

Event ID: 1000

Date:

Time:

User: N/A

Computer:

Description: Faulting application w3wp.exe, version 6.0.3790.1830, faulting module rpcrt4.dll, version 5.2.3790.2568, fault address 0x000362ba.

Event Type: Error

Event Source: W3SVC

Event Category: None

Event ID: 1002

Date:

Time:

User: N/A

Computer:

Description: Application pool 'DefaultAppPool' is being automatically disabled due to a series of failures in the process(es) serving that application pool.

This problem occurs because a notification is incorrectly sent to the application by using RPC over HTTP.

To resolve this problem, use one of the following methods: <ul> <li>Install Windows Server 2003 Service Pack 2 (SP2). For more information, click the following article number to view the article in the Microsoft Knowledge Base:

889100 How to obtain the latest service pack for Windows Server 2003

</li> <li>Install hotfix 917781. For more information about hotfix 917781, click the following article number to view the article in the Microsoft Knowledge Base:

917781 An access violation error may occur in the W3wp.exe process after you install hotfix 908521 or Security Update 933729 in Windows Server 2003 with Service Pack 1

</li> <li>Force the default branch to QFE at installation. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

824994 Description of the contents of Windows XP Service Pack 2 and Windows Server 2003 software update packages

In this Microsoft Knowledge Base article, see the information in the &quot;How to force the default branch to QFE at installation&quot; section.</li></ul>

Additional query words: update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE WinNT Win2000

Keywords: kbwin2000presp5fix kbwinxppresp3fix kbwinserv2003postsp2fix kbwinvistapostrtmfix kbexpertisebeginner kbqfe kbsecurity kbsecbulletin kbsecvulnerability kbbug kbfix kbpubtypekc KB933729

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.