Article ID: 298012
Article Last Modified on 3/22/2007
APPLIES TO
- Microsoft Windows NT Server 4.0, Terminal Server Edition Service Pack 4
- Microsoft Windows NT Server 4.0, Terminal Server Edition Service Pack 5
- Microsoft Windows NT Server 4.0, Terminal Server Edition Service Pack 6
- Microsoft Windows 2000 Service Pack 1
- Microsoft Windows 2000 Service Pack 2
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Service Pack 1
- Microsoft Windows 2000 Service Pack 2
- Microsoft Exchange Server 5.5 Standard Edition
- Microsoft Exchange Server 5.5 Service Pack 1
- Microsoft Exchange Server 5.5 Service Pack 2
- Microsoft Exchange Server 5.5 Service Pack 3
- Microsoft Exchange Server 5.5 Service Pack 4
- Microsoft Exchange Server 2000 Service Pack 1
- Microsoft Windows NT Server 4.0 Standard Edition
- Microsoft Windows NT 4.0 Service Pack 1
- Microsoft Windows NT 4.0 Service Pack 2
- Microsoft Windows NT 4.0 Service Pack 3
- Microsoft Windows NT 4.0 Service Pack 4
- Microsoft Windows NT 4.0 Service Pack 5
- Microsoft Windows NT 4.0 Service Pack 6a
- Microsoft Windows NT Server 4.0 Enterprise Edition
- Microsoft Windows NT 4.0 Service Pack 4
- Microsoft Windows NT 4.0 Service Pack 5
- Microsoft Windows NT 4.0 Service Pack 6a
- Microsoft Windows NT Workstation 4.0 Developer Edition
- Microsoft Windows NT Workstation 4.0 Developer Edition
- Microsoft Windows NT Workstation 4.0 Developer Edition
- Microsoft Windows NT Workstation 4.0 Developer Edition
- Microsoft Windows NT Workstation 4.0 Developer Edition
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 4.0 Developer Edition
- Microsoft Exchange 2000 Enterprise Server
- Microsoft SQL Server 7.0 Standard Edition
- Microsoft SQL Server 7.0 Service Pack 1
- Microsoft SQL Server 7.0 Service Pack 2
- Microsoft SQL Server 2000 Standard Edition
This article was previously published under Q298012
SYMPTOMS
A denial-of-service vulnerability exists in the Microsoft products that are listed at the beginning of this article. This vulnerability can disrupt a server's ability to service legitimate users' requests if a specially malformed request is received.
The results of exploiting this vulnerability could vary, depending on the particular request and to which of the affected services the attacker could send the request. If best practices have been followed, an attacker on the Internet would be unable to send such a request to any of the affected services.
CAUSE
This vulnerability exists because the Remote Procedure Call (RPC) server stubs that are associated with certain services in the affected products do not correctly validate incoming requests before passing them to the associated service. This could enable a request to be passed to a service that would cause problems with the service.
RESOLUTION
Windows 2000
To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to obtain the latest Windows 2000 service pack
The English version of this fix should have the following file attributes or later:
Date Time Version Size File name
---------------------------------------------------------------
5/17/2001 02:33p 2000.2.3479.0 166,160 Catsrv.dll
6/28/2001 05:31p 2000.2.3479.0 575,760 Catsrvut.dll
5/17/2001 02:33p 2000.2.3479.0 96,016 Clbcatex.dll
5/17/2001 02:33p 2000.2.3479.0 508,688 Clbcatq.dll
5/17/2001 02:33p 2000.2.3479.0 37,648 Colbact.dll
5/17/2001 02:33p 2000.2.3479.0 201,488 Comadmin.dll
6/28/2001 05:31p 2000.2.3479.0 1,417,488 Comsvcs.dll
5/17/2001 02:33p 2000.2.3479.0 625,936 Comuid.dll
6/28/2001 05:31p 5.131.2195.3789 442,640 Cryptui.dll
6/21/2001 12:31a 5.0.2195.3759 270,608 Dhcpssvc.dll
5/4/2001 05:00p - 9679 Dtcsetup.cat
5/4/2001 05:00p 2000.2.3479.0 822,600 Dtcsetup.exe
5/17/2001 02:33p 2000.2.3479.0 234,256 Es.dll
7/9/2001 06:38p 5.0.2195.3831 48,912 Llsrpc.dll
7/9/2001 01:40p 5.0.2195.3831 82,192 Llssrv.exe
5/17/2001 02:33p 5.0.0.720 278,800 Mq1repl.dll
2/28/2001 06:47p 5.0.0.720 14,096 Mq1sync.exe
5/29/2001 03:22p 5.0.0.735 71,120 Mqac.sys
5/17/2001 02:33p 5.0.0.721 21,4288 Mqads.dll
2/28/2001 06:47p 5.0.0.720 21,776 Mqbkup.exe
5/17/2001 02:33p 5.0.0.720 29,456 Mqcertui.dll
5/17/2001 02:33p 5.0.0.720 49,424 Mqclus.dll
5/17/2001 02:33p 5.0.0.720 29,968 Mqdbodbc.dll
5/17/2001 02:33p 5.0.0.720 75,536 Mqdscli.dll
5/17/2001 02:33p 5.0.0.720 41,744 Mqdssrv.dll
2/28/2001 06:47p 5.0.0.720 98,064 Mqmig.exe
5/17/2001 02:33p 5.0.0.720 263,952 Mqmigrat.dll
5/17/2001 02:33p 5.0.0.720 223,504 Mqoa.dll
5/17/2001 02:33p 5.0.0.720 7952 Mqperf.dll
5/30/2001 05:16p 5.0.0.735 414,992 Mqqm.dll
5/17/2001 02:33p 5.0.0.720 8464 Mqrperf.dll
5/30/2001 05:16p 5.0.0.735 91,920 Mqrt.dll
5/17/2001 02:33p 5.0.0.720 70,416 Mqsec.dll
5/17/2001 02:33p 5.0.0.720 400,144 Mqsnap.dll
12/28/2001 06:48p 5.0.0.720 14,096 Mqsvc.exe
5/17/2001 02:33p 5.0.0.720 24,336 Mqupgrd.dll
5/17/2001 02:33p 5.0.0.720 107,792 Mqutil.dll
6/28/2001 05:31p 2000.2.3479.0 681,744 Msdtcprx.dll
6/28/2001 05:31p 2000.2.3479.0 1,121,040 Msdtctm.dll
5/17/2001 02:33p 2000.2.3479.0 145,680 Msdtcui.dll
5/17/2001 02:33p 5.0.0.720 64,784 Msmq.cpl
5/17/2001 02:33p 5.0.0.720 159,504 Msmqocm.dll
5/4/2001 05:04p 2000.2.3479.0 151,312 Mtstocom.exe
5/17/2001 02:33p 2000.2.3479.0 52,496 Mtxclu.dll
5/17/2001 02:33p 2000.2.3479.0 23,824 Mtxdm.dll
6/28/2001 05:31p 2000.2.3479.0 104,208 Mtxoci.dll
6/2/2001 12:23p 5.0.2195.3669 17,168 Nddeapi.dll
5/30/2001 04:31p 5.0.2195.3655 4880 Nddeapir.exe
6/2/2001 12:22p 5.0.2195.3669 108,816 Netdde.exe
5/4/2001 12:05p 5.0.2195.2951 1,684,928 Ntkrnlmp.exe
5/4/2001 12:05p 5.0.2195.2951 1,684,672 Ntkrnlpa.exe
5/4/2001 12:05p 5.0.2195.2951 1,705,280 Ntkrpamp.exe
6/13/2001 11:13a 5.0.2195.3728 6928 Ntlsapi.dll
5/4/2001 12:05p 5.0.2195.2951 1,713,232 Ntoskrnl.exe
5/17/2001 02:33p 5.0.2195.3506 138,000 Nwprovau.dll
5/17/2001 02:33p 5.0.2195.3448 60,688 Nwwks.dll
7/9/2001 06:38p 5.0.2195.3761 940,304 Ole32.dll
5/4/2001 12:05p 5.0.2195.2780 56,080 Rasman.dll
5/4/2001 12:05p 5.0.2195.2728 150,800 Rasmans.dll
5/4/2001 12:05p 5.0.2195.2671 54,032 Rastapi.dll
7/9/2001 06:38p 5.0.2195.3831 427,792 Rpcrt4.dll
7/9/2001 06:38p 5.0.2195.3761 185,104 Rpcss.dll
5/4/2001 12:05p 5.0.2195.2896 94,320 Sfc.dll
5/22/2001 02:05p - 1,038,823 Sp2.cat
5/17/2001 02:33p 5.0.2195.3555 62,736 Spoolss.dll
4/30/2001 07:46p 5.0.2195.3555 45,840 Spoolsv.exe
5/4/2001 12:05p 5.0.2195.2780 240,208 Srv.sys
5/4/2001 12:05p 5.0.2195.2904 81,168 Srvsvc.dll
12/20/2000 11:43a 5.0.2195.3091 3856 Svcpack1.dll
6/28/2001 05:31p 5.0.2195.3753 53,520 Trksvr.dll
6/28/2001 05:31p 2000.2.3479.0 383,248 Txfaux.dll
5/4/2001 12:05p 5.0.2195.2780 97,552 Wkssvc.dll
Note The COM+ binaries that are shipped with this fix cause a large memory leak. Microsoft recommends that you install COM+ hotfix rollup package 18.1. To download this package, visit the following Microsoft Web site:
Windows NT 4.0
To resolve this problem, obtain the Windows NT 4.0 Security Rollup Package. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
299444 Post-Windows NT 4.0 Service Pack 6a Security Rollup Package (SRP)
Windows NT Server 4.0, Terminal Server Edition
To resolve this problem, obtain the Windows NT Server 4.0, Terminal Server Edition, Security Rollup Package (SRP). For additional information about the SRP, click the article number below to view the article in the Microsoft Knowledge Base:
317636 Windows NT Server 4.0, TerminalServer Edition, Security Rollup Package
SQL Server 2000
To resolve this problem, obtain the latest service pack for SQL Server 2000. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
290211 How to obtain the latest SQL Server 2000 service pack
For your convenience, this individual fix is also available for downloading from the Microsoft Download Center:
![[GRAPHIC: Download]](/wiki/index.php?title=File:Download.gif){kind=small}
Release Date: July 26, 2001
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.
The English version of this fix should have the following file attributes or later:
Date Time Version Size File name
-------------------------------------------------------
20-Oct-2000 19:06 2000.80.213.0 28,727 Dbmsrpcn.dll
20-Oct-2000 19:06 2000.80.213.0 32,823 Ssmsrp70.dll
SQL Server 7.0
To resolve this problem, obtain the latest service pack for SQL Server 7.0. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
301511 How to obtain the latest SQL Server 7.0 service pack
For your convenience, this individual fix is also available for downloading from the Microsoft Download Center:
Release Date: July 26, 2001
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.
The English version of this fix should have the following file attributes or later:
Date Time Version Size File name
------------------------------------------------------
20-Oct-2000 20:48 2000.10.20.0 28,944 Dbmsrpcn.dll
20-Oct-2000 20:48 2000.10.20.0 33,040 Ssmsrp70.dll
Exchange 2000 Server
To resolve this problem, obtain the latest service pack for Microsoft Exchange 2000 Server. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
301378 How to obtain the latest Exchange 2000 Server service pack
For your convenience, an individual fix is also available for downloading from the Microsoft Download Center. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
304063 XGEN: Exchange 2000 Server Post-RTM RPC Fixes
Exchange Server 5.5
For additional information about how to obtain this patch, click the article number below to view the article in the Microsoft Knowledge Base:
304062 XGEN: Exchange Server 5.5 Post-SP4 RPC Fixes
STATUS
Windows 2000
Microsoft has confirmed that this problem may cause a degree of security vulnerability in Microsoft Windows 2000. This problem was first corrected in Windows 2000 Service Pack 3.
Windows NT 4.0
Microsoft has confirmed that this problem may cause a degree of security vulnerability in Microsoft Windows NT 4.0.
SQL Server 2000
Microsoft has confirmed that this problem may cause a degree of security vulnerability in Microsoft SQL Server 2000. This problem was first corrected in Microsoft SQL Server 2000 Service Pack 1.
SQL Server 7.0
Microsoft has confirmed that this problem may cause a degree of security vulnerability in Microsoft SQL Server 7.0. This problem was first corrected in Microsoft SQL Server 7.0 Service Pack 3.
Exchange 2000 Server
Microsoft has confirmed that this problem may cause a degree of security vulnerability in Microsoft Exchange 2000 Server. This problem was first corrected in Microsoft Exchange 2000 Server Service Pack 1.
Exchange Server 5.5
Microsoft has confirmed that this problem may cause a degree of security vulnerability in Microsoft Exchange Server 5.5.
MORE INFORMATION
For additional information about this vulnerability, see the following Microsoft Web site:
For additional information about how to obtain a hotfix for Windows 2000 Datacenter Server, click the article number below to view the article in the Microsoft Knowledge Base:
265173 The Datacenter Program and Windows 2000 Datacenter Server Product
For more information about how to install multiple hotfixes with only one reboot, click the following article number to view the article in the Microsoft Knowledge Base:
296861 How to install multiple Windows updates or hotfixes with only one reboot
Additional query words: security_patch kbWin2000srp1 tsesrp kbsecvulnerability kbsechack kbsecbulletin
Keywords: kbbug kbfix kbwin2000presp3fix kbqfe kbsqlserv2000sp1fix kbwin2000sp3fix kbsecurity kbhotfixserver KB298012
