[Microsoft Alert] Microsoft Security Bulletin MS06-031

Vulnerability in RPC Mutual Authentication Could Allow Spoofing (917736)

Issued: June 13, 2006

Version: 1.0

 

Summary

Who should read this document: Customers who use Microsoft Windows

Impact of Vulnerability: Spoofing

 

Maximum Severity Rating: Moderate

 

Recommendation: Customers should consider applying the security update.

 

Security Update Replacement: None

 

 

Vulnerability Details:

There is a spoofing vulnerability in the way that RPC handles mutual authentication. This vulnerability could allow an attacker to persuade a user to connect to a malicious RPC server which appears to be valid.

 

 

Affected Software:

Microsoft Windows 2000 Service Pack 4

 

Non-Affected Software:

Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

 

Microsoft Windows XP Professional x64 Edition

 

Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1

 

Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems

 

Microsoft Windows Server 2003 x64 Edition

 

Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me)

 

 

 

References: http://www.microsoft.com/security/bulletins/current.mspx (Microsoft Security Updates)

---