MS06-031 - KB 917736
This looks to be an obscure bug that only affects Windows 2000. In
reality, the conditions for exploitation seem rare and no code execution
is possible. The bug only affects custom RPC applications using SSL
with mutual authentication, which probably doesn't amount to many
applications out there. Finally, the impact of this bug only
allows the attacker to impersonate a trusted RPC server - it doesn't
allow code execution.
For all the overworked sysadmins, you can probably leave this at the
bottom of your patch list.
this vulnerability is also covered in CVE-2006-2380.
Jun 13th 2006
1 decade ago