TITLE: Microsoft Windows 2000 Fix for Buffer Overrun In RPC Interface VERSION: 1.00 Rev A DESCRIPTION: This contains the Windows 2000 fix for the workstation models listed below for the possible security vulnerability explained in Microsoft Knowledge Base Article 823980. Microsoft originally released this bulletin and patch on July 16, 2003, to correct a security vulnerability in a Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface. The patch was and still is effective in eliminating the security vulnerability. However, the "mitigating factors" and "workarounds" discussions in the original security bulletin did not clearly identify all the ports by which the vulnerability could potentially be exploited. Microsoft has updated this bulletin to more clearly enumerate the ports over which RPC services can be invoked and to make sure that customers who choose to implement a workaround before installing the patch have the information that they must have to protect their systems. Customers who have already installed the patch are protected from attempts to exploit this vulnerability and do not have to take further action. PURPOSE: Recommended Update SOFTPAQ NUMBER: SP25186 SUPERSEDES: None EFFECTIVE DATE: August 25, 2003 CATEGORY: OS and OS Enhancements SSM SUPPORTED: No PRODUCT TYPE(S): Workstations PRODUCT MODEL(S): HP Workstation xw6000: All Models HP Workstation xw4100: All Models HP Workstation xw8000: All Models HP Workstation xw5000: All Models HP Workstation xw4000: All Models HP Workstation xw3100: All Models OPERATING SYSTEM(S): Microsoft Windows 2000 LANGUAGE(S): Global PREREQUISITES: N/A HOW TO USE: 1. Download the SoftPaq .EXE file to a directory on your hard drive. 2. Execute the downloaded file and follow the on-screen instructions. Copyright (c) 2003 Hewlett-Packard Development Company, L.P.