|
Security Update for Windows XP Embedded with SP1 (KB823980) |
This update addresses the Buffer Overrun In RPC Interface Could Allow Code Execution (823980) for Windows XP Embedded with SP1.
This is the Microsoft Windows XP Embedded with Service Pack 1 component update to address MS03-026: Buffer Overrun In RPC Interface Could Allow Code Execution (823980).
Remote Procedure Call (RPC) is a protocol used by the Windows operating system. RPC provides an inter-process communication mechanism that allows a program running on one computer to seamlessly execute code on a remote system. The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol, but with the addition of some Microsoft specific extensions.
There is a vulnerability in the part of RPC that deals with message exchange over TCP/IP. The failure results because of incorrect handling of malformed messages. This particular vulnerability affects a Distributed Component Object Model (DCOM) interface with RPC, which listens on RPC enabled ports. This interface handles DCOM object activation requests that are sent by client machines to the server. An attacker who successfully exploited this vulnerability would be able to run code with Local System privileges on an affected system. The attacker would be able to take any action on the system, including installing programs, viewing changing or deleting data, or creating new accounts with full privileges.
To exploit this vulnerability, an attacker would need to send a specially formed request to the remote computer on specific RPC ports.
YOU MAY NOT PROVIDE THIS UPDATE OR THE LOCATION (URL) OF THIS UPDATE TO ANY THIRD PARTIES.
Files
|
Status: DeletedThis download is no longer available on microsoft.com. The downloads below are archives provided by the Internet Archive Wayback Machine from the Microsoft Download Center prior to October 2012. |
No files found
A file listing was not found in the Wayback Machine archives.
System Requirements
Operating Systems: Windows 2000, Windows Server 2003, Windows XP
Supported operating systems: Windows 2000, Windows Server 2003, Windows XP
- Requires the English Version of Windows XP Embedded with Service Pack 1. See the Windows XP Embedded System Requirements for details.
Installation Instructions
Important: This QFE requires Repository look-up may cause incorrect files to be copied (Q811279) be installed prior to this fix.
- Download Q823980_XPE_SP2_x86_ENU.exe from this page.
- Execute Q823980_XPE_SP2_x86_ENU.exe on a machine with the Windows XP Embedded with Service Pack 1 tools installed.
This package will automatically import updated and new .sld files into the current database specified in Component Database Manager. It will also copy new binaries into the Windows XP Embedded with Service Pack 1 QFE Repository folder.
Some of the .sld files may also require importing new repository objects. The new repositories will be created on the repository root holding the main Windows XP Embedded with Service Pack 1 repository. For information on moving repositories to other locations, see Moving a Repository in your Windows Embedded Studio documentation.
After importing this update into your database, add the following components to your configuration(s) if you wish to use this update:
- Primitive: Ole32 - Hotfix Q823980
- RPC Local Support - Hotfix Q823980
- RPC Server - Hotfix Q823980
See Importing Components into the Database for more information.