_________________________________________________________

          DePaul University Computer Security Response Team

                           C   S   R   T

                       <security@depaul.edu>
                   <http://security.depaul.edu/>
      _________________________________________________________


               Computer Security Vulnerability Alert

_____________________________________________________________________
16:00 -0500                                                2003-07-25


SUMMARY    Exploit for Microsoft Vulnerability Publicly Available.

SEVERITY   Critical

           **********************************************************
           Please contact <security@depaul.edu> immediately if your
           computer is suspected to be compromised by this, or any
           other, security vulnerability.
           **********************************************************

PLATFORM   Microsoft Windows NT 4.0
           Microsoft Windows NT 4.0 Terminal Services Edition
           Microsoft Windows 2000
           Microsoft Windows XP
           Microsoft Windows Server 2003 

IMPACT     Paritial or complete gain of system privileges through
           remote connectvity. Disruption of network services through 
           the future spread of malicious payloads.

SCOPE      All University computers running Microsoft Windows
           operating systems.

DETAILS    A new existing vulnerability in the Microsoft Remote 
           Procedure Call end-to-end mapper may be the target of
           upcoming worms in the immediate future. This
           vulnerability, as listed in Microsoft Security Bulletin
           MS03-026, may lead to compromise of both SERVER *and*
           WORKSTATION class machines.

           We strongly encourage that you visit the links found at
           the bottom of this advisory to IMMEDIATELY update your 
           machine to a current patch level. The Microsoft Baseline
           Security Analyzer may be used to verify your current 
           patch level.

           In the event that this is not possible immediately, we 
           strongly encourage you to shutdown your non-critical
           desktops and servers for the weekend until proper
           patches can be applied.

DAMAGE     Compromise of system privileges through remote attack
           vectors against the Microsoft Remote Procedure Call (RPC)
           end-to-end mapper.
           
EXPLOIT    An exploit has been released  and the URL for this exploit
           can be found below.
           
ALERTID    CSRT2003072503

REVISION   

  Id: csrt-va2003072503.txt,v 1.1 2003/07/25 21:00:25 epancer Exp 

______________________________________________________________________

MORE
INFO

o Microsoft Security Bulletin MS03-26

<http://microsoft.com/technet/treeview/
         default.asp?url=/technet/security/bulletin/MS03-026.asp>

o Microsoft Windows Update Website

<http://windowsupdate.microsoft.com/>

o Microsoft Baseline Security Analyzer

<http://www.microsoft.com/technet/treeview/
         default.asp?url=/technet/security/tools/Tools/mbsahome.asp>

o Exploit Code for the MS03-026 Vulnerability

<http://www.metasploit.com/tools/dcom.c>
______________________________________________________________________
_____________________________END OF ALERT_____________________________