MS01-041: Malformed RPC request can cause service problems

Article translations Article translations
Article ID: 298012 - View products that this article applies to.
This article was previously published under Q298012
Expand all | Collapse all

On This Page

SYMPTOMS

A denial-of-service vulnerability exists in the Microsoft products that are listed at the beginning of this article. This vulnerability can disrupt a server's ability to service legitimate users' requests if a specially malformed request is received.

The results of exploiting this vulnerability could vary, depending on the particular request and to which of the affected services the attacker could send the request. If best practices have been followed, an attacker on the Internet would be unable to send such a request to any of the affected services.

CAUSE

This vulnerability exists because the Remote Procedure Call (RPC) server stubs that are associated with certain services in the affected products do not correctly validate incoming requests before passing them to the associated service. This could enable a request to be passed to a service that would cause problems with the service.

RESOLUTION

Windows 2000

To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to obtain the latest Windows 2000 service pack
The English version of this fix should have the following file attributes or later:
Date        Time        Version          Size      File name
---------------------------------------------------------------
5/17/2001   02:33p    2000.2.3479.0      166,160   Catsrv.dll
6/28/2001   05:31p    2000.2.3479.0      575,760   Catsrvut.dll
5/17/2001   02:33p    2000.2.3479.0       96,016   Clbcatex.dll
5/17/2001   02:33p    2000.2.3479.0      508,688   Clbcatq.dll
5/17/2001   02:33p    2000.2.3479.0       37,648   Colbact.dll
5/17/2001   02:33p    2000.2.3479.0      201,488   Comadmin.dll
6/28/2001   05:31p    2000.2.3479.0    1,417,488   Comsvcs.dll
5/17/2001   02:33p    2000.2.3479.0      625,936   Comuid.dll
6/28/2001   05:31p    5.131.2195.3789    442,640   Cryptui.dll
6/21/2001   12:31a    5.0.2195.3759      270,608   Dhcpssvc.dll
5/4/2001    05:00p         -                9679   Dtcsetup.cat
5/4/2001    05:00p    2000.2.3479.0      822,600   Dtcsetup.exe
5/17/2001   02:33p    2000.2.3479.0      234,256   Es.dll
7/9/2001    06:38p    5.0.2195.3831       48,912   Llsrpc.dll
7/9/2001    01:40p    5.0.2195.3831       82,192   Llssrv.exe
5/17/2001   02:33p    5.0.0.720          278,800   Mq1repl.dll
2/28/2001   06:47p    5.0.0.720           14,096   Mq1sync.exe
5/29/2001   03:22p    5.0.0.735           71,120   Mqac.sys
5/17/2001   02:33p    5.0.0.721          21,4288   Mqads.dll
2/28/2001   06:47p    5.0.0.720           21,776   Mqbkup.exe
5/17/2001   02:33p    5.0.0.720           29,456   Mqcertui.dll
5/17/2001   02:33p    5.0.0.720           49,424   Mqclus.dll
5/17/2001   02:33p    5.0.0.720           29,968   Mqdbodbc.dll
5/17/2001   02:33p    5.0.0.720           75,536   Mqdscli.dll
5/17/2001   02:33p    5.0.0.720           41,744   Mqdssrv.dll
2/28/2001   06:47p    5.0.0.720           98,064   Mqmig.exe
5/17/2001   02:33p    5.0.0.720          263,952   Mqmigrat.dll
5/17/2001   02:33p    5.0.0.720          223,504   Mqoa.dll
5/17/2001   02:33p    5.0.0.720             7952   Mqperf.dll
5/30/2001   05:16p    5.0.0.735          414,992   Mqqm.dll
5/17/2001   02:33p    5.0.0.720             8464   Mqrperf.dll
5/30/2001   05:16p    5.0.0.735           91,920   Mqrt.dll
5/17/2001   02:33p    5.0.0.720           70,416   Mqsec.dll
5/17/2001   02:33p    5.0.0.720          400,144   Mqsnap.dll
12/28/2001  06:48p    5.0.0.720           14,096   Mqsvc.exe
5/17/2001   02:33p    5.0.0.720           24,336   Mqupgrd.dll
5/17/2001   02:33p    5.0.0.720          107,792   Mqutil.dll
6/28/2001   05:31p    2000.2.3479.0      681,744   Msdtcprx.dll
6/28/2001   05:31p    2000.2.3479.0   1,121,040    Msdtctm.dll
5/17/2001   02:33p    2000.2.3479.0      145,680   Msdtcui.dll
5/17/2001   02:33p    5.0.0.720           64,784   Msmq.cpl
5/17/2001   02:33p    5.0.0.720          159,504   Msmqocm.dll
5/4/2001    05:04p    2000.2.3479.0      151,312   Mtstocom.exe
5/17/2001   02:33p    2000.2.3479.0       52,496   Mtxclu.dll
5/17/2001   02:33p    2000.2.3479.0       23,824   Mtxdm.dll
6/28/2001   05:31p    2000.2.3479.0      104,208   Mtxoci.dll
6/2/2001    12:23p    5.0.2195.3669       17,168   Nddeapi.dll
5/30/2001   04:31p    5.0.2195.3655         4880   Nddeapir.exe
6/2/2001    12:22p    5.0.2195.3669      108,816   Netdde.exe
5/4/2001    12:05p    5.0.2195.2951    1,684,928   Ntkrnlmp.exe
5/4/2001    12:05p    5.0.2195.2951    1,684,672   Ntkrnlpa.exe
5/4/2001    12:05p    5.0.2195.2951    1,705,280   Ntkrpamp.exe
6/13/2001   11:13a    5.0.2195.3728         6928   Ntlsapi.dll
5/4/2001    12:05p    5.0.2195.2951    1,713,232   Ntoskrnl.exe
5/17/2001   02:33p    5.0.2195.3506      138,000   Nwprovau.dll
5/17/2001   02:33p    5.0.2195.3448       60,688   Nwwks.dll
7/9/2001    06:38p    5.0.2195.3761      940,304   Ole32.dll
5/4/2001    12:05p    5.0.2195.2780       56,080   Rasman.dll
5/4/2001    12:05p    5.0.2195.2728      150,800   Rasmans.dll
5/4/2001    12:05p    5.0.2195.2671       54,032   Rastapi.dll
7/9/2001    06:38p    5.0.2195.3831      427,792   Rpcrt4.dll
7/9/2001    06:38p    5.0.2195.3761      185,104   Rpcss.dll
5/4/2001    12:05p    5.0.2195.2896       94,320   Sfc.dll
5/22/2001   02:05p        -            1,038,823   Sp2.cat
5/17/2001   02:33p    5.0.2195.3555       62,736   Spoolss.dll
4/30/2001   07:46p    5.0.2195.3555       45,840   Spoolsv.exe
5/4/2001    12:05p    5.0.2195.2780      240,208   Srv.sys
5/4/2001    12:05p    5.0.2195.2904       81,168   Srvsvc.dll
12/20/2000  11:43a    5.0.2195.3091         3856   Svcpack1.dll
6/28/2001   05:31p    5.0.2195.3753       53,520   Trksvr.dll
6/28/2001   05:31p    2000.2.3479.0      383,248   Txfaux.dll
5/4/2001    12:05p    5.0.2195.2780       97,552   Wkssvc.dll 
					
Note The COM+ binaries that are shipped with this fix cause a large memory leak. Microsoft recommends that you install COM+ hotfix rollup package 18.1. To download this package, visit the following Microsoft Web site:
http://download.microsoft.com/download/win2000platform/patch/q313582/nt5/en-us/q313582_w2k_sp3_x86_en.exe

Windows NT 4.0

To resolve this problem, obtain the Windows NT 4.0 Security Rollup Package. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
299444 Post-Windows NT 4.0 Service Pack 6a Security Rollup Package (SRP)

Windows NT Server 4.0, Terminal Server Edition

To resolve this problem, obtain the Windows NT Server 4.0, Terminal Server Edition, Security Rollup Package (SRP). For additional information about the SRP, click the article number below to view the article in the Microsoft Knowledge Base:
317636 Windows NT Server 4.0, TerminalServer Edition, Security Rollup Package

SQL Server 2000

To resolve this problem, obtain the latest service pack for SQL Server 2000. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
290211 How to obtain the latest SQL Server 2000 service pack
For your convenience, this individual fix is also available for downloading from the Microsoft Download Center:
Collapse this imageExpand this image
Download
Download Q298012_sql2000_x86_en.exe now
Release Date: July 26, 2001

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

The English version of this fix should have the following file attributes or later:
   Date         Time   Version        Size    File name
   -------------------------------------------------------
   20-Oct-2000  19:06  2000.80.213.0  28,727  Dbmsrpcn.dll
   20-Oct-2000  19:06  2000.80.213.0  32,823  Ssmsrp70.dll
				

SQL Server 7.0

To resolve this problem, obtain the latest service pack for SQL Server 7.0. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
301511 How to obtain the latest SQL Server 7.0 service pack
For your convenience, this individual fix is also available for downloading from the Microsoft Download Center:


Release Date: July 26, 2001

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

The English version of this fix should have the following file attributes or later:
   Date         Time   Version       Size    File name
   ------------------------------------------------------
   20-Oct-2000  20:48  2000.10.20.0  28,944  Dbmsrpcn.dll
   20-Oct-2000  20:48  2000.10.20.0  33,040  Ssmsrp70.dll
				

Exchange 2000 Server

To resolve this problem, obtain the latest service pack for Microsoft Exchange 2000 Server. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
301378 How to obtain the latest Exchange 2000 Server service pack
For your convenience, an individual fix is also available for downloading from the Microsoft Download Center. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
304063 XGEN: Exchange 2000 Server Post-RTM RPC Fixes

Exchange Server 5.5

For additional information about how to obtain this patch, click the article number below to view the article in the Microsoft Knowledge Base:
304062 XGEN: Exchange Server 5.5 Post-SP4 RPC Fixes

STATUS

Windows 2000

Microsoft has confirmed that this problem may cause a degree of security vulnerability in Microsoft Windows 2000. This problem was first corrected in Windows 2000 Service Pack 3.

Windows NT 4.0

Microsoft has confirmed that this problem may cause a degree of security vulnerability in Microsoft Windows NT 4.0.

SQL Server 2000

Microsoft has confirmed that this problem may cause a degree of security vulnerability in Microsoft SQL Server 2000. This problem was first corrected in Microsoft SQL Server 2000 Service Pack 1.

SQL Server 7.0

Microsoft has confirmed that this problem may cause a degree of security vulnerability in Microsoft SQL Server 7.0. This problem was first corrected in Microsoft SQL Server 7.0 Service Pack 3.

Exchange 2000 Server

Microsoft has confirmed that this problem may cause a degree of security vulnerability in Microsoft Exchange 2000 Server. This problem was first corrected in Microsoft Exchange 2000 Server Service Pack 1.

Exchange Server 5.5

Microsoft has confirmed that this problem may cause a degree of security vulnerability in Microsoft Exchange Server 5.5.

MORE INFORMATION

For additional information about this vulnerability, see the following Microsoft Web site:
http://www.microsoft.com/technet/security/bulletin/ms01-041.mspx
For additional information about how to obtain a hotfix for Windows 2000 Datacenter Server, click the article number below to view the article in the Microsoft Knowledge Base:
265173 The Datacenter Program and Windows 2000 Datacenter Server Product
For more information about how to install multiple hotfixes with only one reboot, click the following article number to view the article in the Microsoft Knowledge Base:
296861 How to install multiple Windows updates or hotfixes with only one reboot

Properties

Article ID: 298012 - Last Review: October 10, 2011 - Revision: 7.0
APPLIES TO
  • Microsoft Windows NT Server 4.0, Terminal Server Edition Service Pack 6
  • Microsoft Exchange Server 5.5 Standard Edition
  • Microsoft Windows NT Server 4.0 Standard Edition
  • Microsoft Windows NT Server 4.0 Enterprise Edition
  • Microsoft Windows NT Workstation 4.0 Developer Edition
  • Microsoft Exchange 2000 Enterprise Server
  • Microsoft SQL Server 7.0 Standard Edition
  • Microsoft SQL Server 2000 Standard Edition
Keywords: 
kbHotfixServer kbqfe kbbug kbfix kbsecurity kbsqlserv2000sp1fix kbwin2000presp3fix kbWin2000sp3fix KB298012

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com