Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 MS-RPC:ATSVC-RUNDLL

Severity

 Major

Recommended

 No

Category

 MS-RPC

Keywords

 DCE-RPC Remote "atsvc" Rundll32.exe Job

Release Date

 2009/02/09

Update Number

 1363

Supported Platforms

 idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

MS-RPC: DCE-RPC Remote "atsvc" Rundll32.exe Job


This signature detects remote attempts to issue commands to rundll32.exe through the "atsvc" service. Worms and other malicious programs can use this service to execute programs remotely. However, network administrators can also use this service legitimately inside a secured network to assist with remote administration.

Extended Description

Microsoft Windows is prone to a remote code-execution vulnerability that affects RPC (Remote Procedure Call) handling in the Server service. An attacker could exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the complete compromise of vulnerable computers. This issue may be prone to widespread automated exploits. Attackers require authenticated access on Windows Vista and Server 2008 platforms to exploit this issue. This vulnerability affects Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

Affected Products

  • Avaya messaging_application_server MM 1.1
  • Avaya messaging_application_server MM 2.0
  • Avaya messaging_application_server MM 3.0
  • Avaya messaging_application_server MM 3.1
  • Avaya messaging_application_server
  • Microsoft windows_2000_advanced_server SP4
  • Microsoft windows_2000_datacenter_server SP4
  • Microsoft windows_2000_professional SP1
  • Microsoft windows_2000_professional SP2
  • Microsoft windows_2000_professional SP3
  • Microsoft windows_2000_professional SP4
  • Microsoft windows_2000_professional
  • Microsoft windows_2000_server SP4
  • Microsoft windows_server_2003 SP1
  • Microsoft windows_server_2003 SP2
  • Microsoft windows_server_2003_datacenter_edition SP1
  • Microsoft windows_server_2003_datacenter_edition SP1 Beta 1
  • Microsoft windows_server_2003_datacenter_edition
  • Microsoft windows_server_2003_datacenter_edition_itanium SP1
  • Microsoft windows_server_2003_datacenter_edition_itanium SP1 Beta 1
  • Microsoft windows_server_2003_datacenter_edition_itanium
  • Microsoft windows_server_2003_datacenter_x64_edition SP2
  • Microsoft windows_server_2003_datacenter_x64_edition
  • Microsoft windows_server_2003_enterprise_edition SP1
  • Microsoft windows_server_2003_enterprise_edition SP1 Beta 1
  • Microsoft windows_server_2003_enterprise_edition
  • Microsoft windows_server_2003_enterprise_edition_itanium SP1
  • Microsoft windows_server_2003_enterprise_edition_itanium SP1 Beta 1
  • Microsoft windows_server_2003_enterprise_edition_itanium
  • Microsoft windows_server_2003_enterprise_x64_edition SP2
  • Microsoft windows_server_2003_enterprise_x64_edition
  • Microsoft windows_server_2003_itanium SP1
  • Microsoft windows_server_2003_itanium SP2
  • Microsoft windows_server_2003_itanium
  • Microsoft windows_server_2003_standard_edition SP1
  • Microsoft windows_server_2003_standard_edition SP1 Beta 1
  • Microsoft windows_server_2003_standard_edition SP2
  • Microsoft windows_server_2003_standard_edition
  • Microsoft windows_server_2003_standard_x64_edition
  • Microsoft windows_server_2003_web_edition SP1
  • Microsoft windows_server_2003_web_edition SP1 Beta 1
  • Microsoft windows_server_2003_web_edition SP2
  • Microsoft windows_server_2003_web_edition
  • Microsoft windows_server_2003_x64 SP1
  • Microsoft windows_server_2003_x64 SP2
  • Microsoft windows_server_2008_datacenter_edition
  • Microsoft windows_server_2008_enterprise_edition
  • Microsoft windows_server_2008_for_32-bit_systems
  • Microsoft windows_server_2008_for_itanium-based_systems
  • Microsoft windows_server_2008_for_x64-based_systems
  • Microsoft windows_server_2008_standard_edition
  • Microsoft windows_vista Beta
  • Microsoft windows_vista Beta 1
  • Microsoft windows_vista Beta 2
  • Microsoft windows_vista Business
  • Microsoft windows_vista Business SP1
  • Microsoft windows_vista Enterprise
  • Microsoft windows_vista Enterprise SP1
  • Microsoft windows_vista Home Basic
  • Microsoft windows_vista Home Basic SP1
  • Microsoft windows_vista Home Premium
  • Microsoft windows_vista Home Premium SP1
  • Microsoft windows_vista SP1
  • Microsoft windows_vista Ultimate
  • Microsoft windows_vista Ultimate SP1
  • Microsoft windows_vista
  • Microsoft windows_vista_business_64-bit_edition SP1
  • Microsoft windows_vista_business_64-bit_edition
  • Microsoft windows_vista_enterprise_64-bit_edition SP1
  • Microsoft windows_vista_enterprise_64-bit_edition
  • Microsoft windows_vista_home_basic_64-bit_edition SP1
  • Microsoft windows_vista_home_basic_64-bit_edition
  • Microsoft windows_vista_home_premium_64-bit_edition SP1
  • Microsoft windows_vista_home_premium_64-bit_edition
  • Microsoft windows_vista_ultimate_64-bit_edition SP1
  • Microsoft windows_vista_ultimate_64-bit_edition
  • Microsoft windows_vista_x64_edition SP1
  • Microsoft windows_vista_x64_edition
  • Microsoft windows_xp
  • Microsoft windows_xp_64-bit_edition SP1
  • Microsoft windows_xp_64-bit_edition
  • Microsoft windows_xp_64-bit_edition_version_2003 SP1
  • Microsoft windows_xp_gold
  • Microsoft windows_xp_home SP1
  • Microsoft windows_xp_home SP2
  • Microsoft windows_xp_home SP3
  • Microsoft windows_xp_home
  • Microsoft windows_xp_media_center_edition SP1
  • Microsoft windows_xp_media_center_edition SP2
  • Microsoft windows_xp_media_center_edition SP3
  • Microsoft windows_xp_media_center_edition
  • Microsoft windows_xp_professional SP1
  • Microsoft windows_xp_professional SP2
  • Microsoft windows_xp_professional SP3
  • Microsoft windows_xp_professional
  • Microsoft windows_xp_professional_x64_edition SP2
  • Microsoft windows_xp_professional_x64_edition
  • Microsoft windows_xp_tablet_pc_edition SP1
  • Microsoft windows_xp_tablet_pc_edition SP2
  • Microsoft windows_xp_tablet_pc_edition SP3
  • Microsoft windows_xp_tablet_pc_edition
  • Nortel_networks callpilot 1002Rp
  • Nortel_networks callpilot 1005R
  • Nortel_networks callpilot 201I
  • Nortel_networks callpilot 600R
  • Nortel_networks callpilot 703T
  • Nortel_networks contact_center-cct 5
  • Nortel_networks contact_center-cct
  • Nortel_networks contact_center-contact_recording
  • Nortel_networks contact_center_express
  • Nortel_networks contact_center_manager
  • Nortel_networks contact_center_manager_server
  • Nortel_networks contact_center_ncc
  • Nortel_networks contact_center-quality_monitoring
  • Nortel_networks contact_center-tapi_server
  • Nortel_networks enterprise_network_management_system
  • Nortel_networks multimedia_comm MCS5100
  • Nortel_networks self-service-ccss7
  • Nortel_networks self-service_ccxml
  • Nortel_networks self-service_media_processing_server
  • Nortel_networks self-service_mps_100
  • Nortel_networks self-service_mps_1000
  • Nortel_networks self-service_mps_500
  • Nortel_networks self-service_peri_application
  • Nortel_networks self-service_peri_workstation
  • Nortel_networks self-service_speech_server
  • Nortel_networks self_service_voicexml
  • Nortel_networks self-service_wvads
  • Nortel_networks symposium_agent

References

  • BugTraq: 31874
  • URL: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/taskschd/taskschd/about_the_task_scheduler.asp
  • URL: http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0126.html
  • URL: http://www.viruslist.com/en/viruses/encyclopedia?virusid=21782725

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out