MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Remote Code Execution (958644) (ECLIPSEDWING) (uncredentialed check)
Critical Nessus Plugin ID 34477
SynopsisThe remote Windows host is affected by a remote code execution vulnerability.
DescriptionThe remote Windows host is affected by a remote code execution vulnerability in the 'Server' service due to improper handling of RPC requests. An unauthenticated, remote attacker can exploit this, via a specially crafted RPC request, to execute arbitrary code with 'System' privileges.
ECLIPSEDWING is one of multiple Equation Group vulnerabilities and exploits disclosed on 2017/04/14 by a group known as the Shadow Brokers.
SolutionMicrosoft has released a set of patches for Windows 2000, XP, 2003, Vista and 2008.