A vulnerability has been identified in Microsoft Windows, which could be exploited by attackers to compromise a vulnerable system. This issue is caused due to the Remote Procedure Call (RPC) Marshalling Engine not updating its internal state in an appropriate manner, which could allow attackers to execute arbitrary code by sending specially crafted RPC message to a vulnerable third-party RPC application.

Note: Microsoft Windows is not delivered with any RPC servers or clients that are subject to exploitation of this vulnerability. However, the vulnerability exists in the Microsoft Windows RPC runtime and could affect third-party RPC applications.

Affected Products

Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Vista
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (32-bit) Service Pack 2
Microsoft Windows Server 2008 (x64)
Microsoft Windows Server 2008 (x64) Service Pack 2
Microsoft Windows Server 2008 (Itanium)
Microsoft Windows Server 2008 (Itanium) Service Pack 2

Solution

Apply patches :
http://www.microsoft.com/technet/security/bulletin/ms09-026.mspx

References

http://www.vupen.com/english/advisories/2009/1545
http://www.microsoft.com/technet/security/bulletin/ms09-026.mspx

Credits

Vulnerability reported by the vendor.

Changelog

2009-06-09 : Initial release

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.