Description: This security update resolves a publicly disclosed vulnerability in the Windows remote procedure call (RPC) facility where the RPC Marshalling Engine does not update its internal state appropriately. The vulnerability could allow an attacker to execute arbitrary code and take complete control of an affected system. Supported editions of Microsoft Windows are not delivered with any RPC servers or clients that are subject to exploitation of this vulnerability. In a default configuration, users could not be attacked by exploitation of this vulnerability. However, the vulnerability is present in the Microsoft Windows RPC runtime and could affect third-party RPC applications. The update addresses the vulnerability by correcting the way that the RPC Marshalling Engine updates its internal state.

Update type: Important

Release date: June 9, 2009

Applies to: All versions

Knowledge base: support.microsoft.com/kb/970238

Download link: 32-bit | 64-bit

Comments:Here are the specifics on the vulnerabilities covered by this update:

• RPC Marshalling Engine Vulnerability – CVE-2009-0568