CVE Number: MS09-026
Vulnerability: Vulnerability in RPC Could Allow Elevation of Privilege (970238)
Product: Microsoft Windows
Severity: Critical
Date: 10-06-2009

Technical Information

Brief overview of the risk:
This security update resolves a publicly disclosed vulnerability in the Windows remote procedure call (RPC) facility where the RPC Marshalling Engine does not update its internal state appropriately. The vulnerability could allow an attacker to execute arbitrary code and take complete control of an affected system. Supported editions of Microsoft Windows are not delivered with any RPC servers or clients that are subject to exploitation of this vulnerability.
Detailed Information on the risk:
An elevation of privilege vulnerability exists in the Windows remote procedure call (RPC) facility where the RPC Marshalling Engine does not update its internal state appropriately. The failure to update internal state could lead to a pointer being read from an incorrect location. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Further information on this exploit is available at: MS09-026

Affected Software

Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 3