---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,700 different Windows applications. Request your account, the Secunia Network Software Inspector (NSI): http://secunia.com/network_software_inspector/ ---------------------------------------------------------------------- TITLE: Microsoft Windows 2000 RPC Authentication Information Disclosure SECUNIA ADVISORY ID: SA27153 VERIFY ADVISORY: http://secunia.com/advisories/27153/ CRITICAL: Less critical IMPACT: Exposure of sensitive information WHERE: >From local network OPERATING SYSTEM: Microsoft Windows 2000 Professional http://secunia.com/product/1/ Microsoft Windows 2000 Advanced Server http://secunia.com/product/21/ Microsoft Windows 2000 Datacenter Server http://secunia.com/product/1177/ Microsoft Windows 2000 Server http://secunia.com/product/20/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows 2000, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due an error when processing RPC authentication requests and can be exploited to disclose unspecified information by sending specially crafted RPC authentication requests to an affected system. This is related to: SA27134 The vulnerability is reported in Microsoft Windows 2000 Service Pack 4. SOLUTION: Apply updates. Microsoft Windows 2000 SP4: http://www.microsoft.com/downloads/details.aspx?FamilyId=6c7fb9a8-1d8d-4307-b5c6-bc6c28ee09de PROVIDED AND/OR DISCOVERED BY: The vendor credits the Zero Day Initiative. ORIGINAL ADVISORY: MS07-058 (KB933729): http://www.microsoft.com/technet/security/Bulletin/MS07-058.mspx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------