11 September 2003

Microsoft has warned about three new vulnerabilities in its operating systems. Two of these could allow code execution on affected computers. These vulnerabilities allow a person with evil intent to exploit RPC DCOM, as the widespread worms W32/Blaster.A and W32/Nachi.A did a few weeks ago.

Microsoft's severity rating is Critical.

Microsoft has released a patch for these vulnerabilities as well as for the vulnerabilities described in MS03-026. This patch and more technical information are available in Microsoft's Security Bulletin MS03-039.
The patch is also available from Windows' automatic updating system.

The following operating systems are vulnerable:

  • Microsoft Windows NT Workstation 4.0
  • Microsoft Windows NT Server 4.0
  • Microsoft Windows NT Server 4.0, Terminal Server
  • Microsoft Windows 2000
  • Microsoft Windows XP
  • Microsoft Windows Server 2003

At the time of this writing no known malicious software that exploits the new vulnerabilities has been observed.

Norman advises all users to download this patch for Windows as soon as possible, to be protected from potential exploits of these vulnerabilities.

Per Olav Førland