This vulnerability is 13 years, 3 months and 9 days old, and exploits are publicly available for it. Because the vulnerability is over a year old and exploits are publicly available, it is highly advisable to patch it immediately.
Synopsis
A vulnerability in MSDTC could allow remote code execution.
Vulnerability Description
The remote version of Windows contains a version of the MSDTC (Microsoft Data Transaction Coordinator) service that has several remote code execution, local privilege escalation, and denial of service vulnerabilities.
An attacker may exploit these flaws to obtain complete control of the remote host.
Microsoft Windows platforms may be vulnerable to a flaw in the MSDTC implementation caused by an unchecked buffer that may allow a remote, unauthenticated user to execute arbitrary code and take complete control of the system.
Microsoft Windows 2000 is vulnerable to remote, unauthenticated users exploiting this flaw from the network and locally. Microsoft Windows XP SP1 and Windows Server 2003 are vulnerable to local authenticated attackers exploiting this flaw. Microsoft Windows XP SP2 and Windows Server 2003 SP1 are not vulnerable.
Note that on Windows XP SP1, MSDTC Network DTC Access is allowed by default, and if the service is started by any local user, the system may be vulnerable to remote, unauthenticated attacks. An administrator can disable the service and prevent a normal user from starting it. Windows Server 2003 is not configured by default to allow Network DTC Access, though the MSDTC service is started by default. If Network DTC Access is allowed by an administrator, the system may be vulnerable to remote, unauthenticated attacks.
Remotely vulnerable systems listen on port 3372/tcp and a dynamic high TCP port.
Public reports indicate that exploit code is available for this vulnerability at this time.
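The exposure conditions described above can be turned into a patch-priority triage over an asset inventory. The following is an added example, not part of the original advisory or any vendor tooling; the `Host` fields, the exposure labels, the `patched` flag and the sample hosts are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Exposure labels; PRIORITY lists them most urgent first.
REMOTE = "remote-unauthenticated"
LOCAL = "local-authenticated"
NOT_VULNERABLE = "not-vulnerable"
PATCHED = "patched"
NOT_COVERED = "not-covered-by-advisory"
PRIORITY = [REMOTE, LOCAL, NOT_COVERED, NOT_VULNERABLE, PATCHED]

@dataclass
class Host:
    name: str
    os: str                   # "2000", "XP" or "2003" (assumed inventory values)
    service_pack: int
    msdtc_running: bool
    network_dtc_access: bool
    patched: bool = False     # assumption: inventory records the vendor fix

def classify(h: Host) -> str:
    """Map one inventory record to the exposure the advisory describes."""
    if h.patched:
        return PATCHED
    if h.os == "2000":
        return REMOTE         # exploitable from the network and locally
    if (h.os, h.service_pack) in {("XP", 2), ("2003", 1)}:
        return NOT_VULNERABLE
    if (h.os, h.service_pack) in {("XP", 1), ("2003", 0)}:
        # Local by default; remote once the service runs with Network DTC Access.
        if h.msdtc_running and h.network_dtc_access:
            return REMOTE
        return LOCAL
    return NOT_COVERED        # combination the advisory text does not mention

def patch_order(hosts):
    """Return (name, exposure) pairs, most urgent exposure first."""
    rated = [(h.name, classify(h)) for h in hosts]
    return sorted(rated, key=lambda r: (PRIORITY.index(r[1]), r[0]))

# Constructed sample inventory, not real hosts.
INVENTORY = [
    Host("fin-xp-01", "XP", 1, msdtc_running=True, network_dtc_access=True),
    Host("hr-xp-02", "XP", 2, msdtc_running=True, network_dtc_access=True),
    Host("db-2k3-01", "2003", 0, msdtc_running=True, network_dtc_access=False),
    Host("app-2k3-02", "2003", 0, msdtc_running=True, network_dtc_access=True),
    Host("legacy-2k", "2000", 4, msdtc_running=False, network_dtc_access=False),
    Host("file-2k-02", "2000", 4, True, True, patched=True),
]
```

Calling `patch_order(INVENTORY)` returns the hosts with remote, unauthenticated exposure first, so they can be patched or have the service disabled ahead of the rest.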
Solution
Microsoft has released a set of patches for Windows 2000, XP and 2003.
CVE References
CVE-2005-2119
CVE-2005-1978
CVE-2005-1979
CVE-2005-1980