x
48h OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
SPECIAL OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
HALLOWEEN OFFER
take advantage of our
terrific discounts
BUY NOW AND GET A 50% OFF
x
CHRISTMAS OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 40% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 50% OFF
x
BLACKFRIDAY OFFER
Buy the best antivirus
at the best price
TODAY ONLY UP TO 70% OFF
x
CYBERMONDAY OFFER
Buy the best antivirus
at the best price
(Only for homeusers)
TODAY ONLY UP TO 70% OFF
Active Scan. Scan your PC free
Panda Protection

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Encyclopedia GetVirusCard True 0

MS04-012

 
Threat LevelHigh threatDamageSevereDistributionNot widespread
Common name:MS04-012
Technical name:MS04-012
Threat level:Medium
Alias:Cumulative update for Microsoft RPC-DCOM, Actualización acumulativa para Microsoft RPC-DCOM
Type:Vulnerability
Effects:  

It is a group of critical vulnerabilities in RPC-DCOM on Windows 2003/XP/2000/NT computers, which allows hackers to execute arbitrary code and to launch remote Denial of Service attacks and information to be disclosed.

Affected platforms:

Windows 2003/XP/2000/NT/ME/98

First detected on:June 2, 2006
Detection updated on:June 2, 2006
StatisticsNo

Brief Description 

    

MS04-012 is not categorized as virus, worm, Trojan or backdoor. It is a group of critical vulnerabilities in RPC-DCOM on Windows 2003/XP/2000/NT computers.

The addressed vulnerabilities are:

  • RPC Runtime Library vulnerability, which allows hackers to gain remote control of the affected computer with the same privileges as the logged on user.
  • RPCSS Service vulnerability, and COM Internet Services (CIS) and RPC over HTTP vulnerabilities, which allow remote DoS (Denial of Service) attacks to be launched against the vulnerable computer.
  • Object Identity vulnerability, which allows information to be disclosed.

These vulnerabilities are usually exploited by sending a specially crafted RPC message or by running an specially crafted program in the vulnerable computer. In order to do so, a hacker must be able to log on locally to the system.

 

If you have a Windows 2003/XP/2000/NT computer, it is recommendable to download and apply the security patch for this vulnerability.

Although the information related to this vulnerability is in the MS04-012 bulletin, you should rather apply one of the following patches, depending on your operating system:

  • Windows 2003/XP: MS05-051.
  • Windows 2000: MS06-018.