Public exploits available
On this page
A remote code execution and local elevation of privilege vulnerability exists in the Microsoft Distributed Transaction Coordinator that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system.
An attacker who successfully exploited this vulnerability could take complete control of the affected system.
Technical details (analysis)
The Microsoft Distributed Transaction Coordinator (MSDTC) is a distributed transaction facility for Microsoft Windows platforms. MSDTC uses proven transaction processing technology. It is robust despite system failures, process failures, and communication failures; it exploits loosely coupled systems to provide scalable performance; and it is easy to install, configure, and manage. An unchecked buffer in the Microsoft Distributed Transaction Coordinator causes the vulnerability.
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
Release Date: 2007-05-08T00:00:00
Known false positives
No known false positives at this time.
Disable the Distributed Transaction Coordinator
Use the Group Policy settings to disable the Distributed Transaction Coordinator on all affected systems that do not require this feature.
Disable Network DTC Access
Block the following at the firewall: All unsolicited inbound traffic on ports greater than 1024 and any other specifically configured RPC port
To help protect from network-based attempts to exploit this vulnerability, use a personal firewall, such as the Internet Connection Firewall, which is included with Windows XP and with Windows Server 2003.
To help protect from network-based attempts to exploit this vulnerability, enable advanced TCP/IP filtering on systems that support this feature.
To help protect from network-based attempts to exploit this vulnerability, block the affected ports by using IPsec on the affected systems.