MS06-031: RPC Mutual Authentication Vulnerability

Published: 2006-06-13
Last Updated: 2006-06-13 20:13:30 UTC
by Swa Frantzen (Version: 1)
MS06-031 - KB 917736

This looks to be an obscure bug that only affects Windows 2000. In
reality, the conditions for exploitation seem rare and no code execution
is possible. The bug only affects custom RPC applications using SSL
with mutual authentication, which probably doesn't amount to many
applications out there. Finally, the bug only allows the attacker to
impersonate a trusted RPC server; it doesn't allow code execution.

For all the overworked sysadmins, you can probably leave this at the
bottom of your patch list.

This vulnerability is also covered in CVE-2006-2380.

Kyle Haugsness

