Home / bulletins MS08-059 – Critical: Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695) - Version:1.1
Posted on 15 October 2008
There is an newer version: MS08-059 - Version: 1.2
CriticalSeverity Rating: Critical - Revision Note: V1.1 (October 15, 2008): Added reference to Microsoft Knowledge Base Article 956695 to Known Issues in the Executive Summary section. Also, corrected the title of the HIS Command Execution Vulnerability (CVE- 2008-3466) in the Acknowledgments section.Summary: This security update resolves a privately reported vulnerability in Microsoft Host Integration Server. The vulnerability could allow remote code execution if an attacker sent a specially crafted Remote Procedure Call (RPC) request to an affected system. Customers who follow best practices and configure the SNA RPC service account to have fewer user rights on the system could be less impacted than customers who configure the SNA RPC service account to have administrative user rights.
Other versions
- MS08-059 - Version: 1.0
- MS08-059 - Version: 1.1
- MS08-059 - Version: 1.2
