Vulnerability in RPC Could Allow Elevation of Privilege
Description: This security update resolves a publicly disclosed vulnerability in the Windows remote procedure call (RPC) facility where the RPC Marshalling Engine does not update its internal state appropriately. The vulnerability could allow an attacker to execute arbitrary code and take complete control of an affected system. Supported editions of Microsoft Windows are not delivered with any RPC servers or clients that are subject to exploitation of this vulnerability. In a default configuration, users could not be attacked by exploitation of this vulnerability. However, the vulnerability is present in the Microsoft Windows RPC runtime and could affect third-party RPC applications. The update addresses the vulnerability by correcting the way that the RPC Marshalling Engine updates its internal state.
Update type: Important
Release date: June 9, 2009
Applies to: All versions
Knowledge base: http://support.microsoft.com/kb/970238
- RPC Marshalling Engine Vulnerability – CVE-2009-0568
For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB970238.