MS07-058: Vulnerabilities in RPC could allow denial of service

Article translations Article translations
Article ID: 933729 - View products that this article applies to.
Expand all | Collapse all

On This Page

INTRODUCTION

Microsoft has released security bulletin MS07-058. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites:

Known issues with this security update

After you apply this security update on a Windows Server 2003 Service Pack 1-based computer, an access violation error may occur in the W3wp.exe process. This problem may occur if the remote procedure call (RPC) over HTTP proxy networking component is enabled.

When this problem occurs, the following events are logged in the Application log:

Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: Date
Time: Time
User: N/A
Computer: ComputerName
Description: Faulting application w3wp.exe, version 6.0.3790.1830, faulting module rpcrt4.dll, version 5.2.3790.2568, fault address 0x000362ba.

Event Type: Error
Event Source: W3SVC
Event Category: None
Event ID: 1002
Date: Date
Time: Time
User: N/A
Computer: ComputerName
Description: Application pool 'DefaultAppPool' is being automatically disabled due to a series of failures in the process(es) serving that application pool.

This problem occurs because a notification is incorrectly sent to the application by using RPC over HTTP.

To resolve this problem, use one of the following methods:
  • Install Windows Server 2003 Service Pack 2 (SP2). For more information, click the following article number to view the article in the Microsoft Knowledge Base:
    889100 How to obtain the latest service pack for Windows Server 2003
  • Install hotfix 917781. For more information about hotfix 917781, click the following article number to view the article in the Microsoft Knowledge Base:
    917781 An access violation error may occur in the W3wp.exe process after you install hotfix 908521 or Security Update 933729 in Windows Server 2003 with Service Pack 1
  • Force the default branch to QFE at installation. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
    824994 Description of the contents of Windows XP Service Pack 2 and Windows Server 2003 software update packages
    In this Microsoft Knowledge Base article, see the information in the "How to force the default branch to QFE at installation" section.

Properties

Article ID: 933729 - Last Review: September 30, 2011 - Revision: 2.0
APPLIES TO
  • Windows Vista Ultimate
  • Windows Vista Enterprise
  • Windows Vista Business
  • Windows Vista Home Premium
  • Windows Vista Home Basic
  • Windows Vista Starter
  • Windows Vista Ultimate 64-bit Edition
  • Windows Vista Enterprise 64-bit Edition
  • Windows Vista Business 64-bit Edition
  • Windows Vista Home Premium 64-bit Edition
  • Windows Vista Home Basic 64-bit Edition
  • Microsoft Windows Server 2003 Service Pack 1, when used with:
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows Server 2003 Service Pack 2, when used with:
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
    • Microsoft Windows Server 2003, Datacenter x64 Edition
    • Microsoft Windows Server 2003, Enterprise x64 Edition
    • Microsoft Windows Server 2003, Standard x64 Edition
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Web Edition
Keywords: 
kbvistasp1fix kbwin2000presp5fix kbwinxppresp3fix kbwinserv2003postsp2fix kbwinvistapostrtmfix kbexpertisebeginner kbqfe kbsecurity kbsecbulletin kbsecvulnerability kbbug kbfix KB933729

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com