Microsoft has announced today a critical remote vulnerability in Windows RPC request handling. Microsoft and eEye have released a detailed advisory to alert and inform Windows users of the need to immediately remediate vulnerable machines on their networks.

eEye Digital Security Advisory http://www.eeye.com/html/Research/Advisories/AD20030910.html

Microsoft Patch
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-039.asp
(http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-039.asp)

Users should note that this vulnerability differs from the vulnerability publicized in Microsoft Bulletin MS03-026 found here:
http://www.microsoft.com/technet/security/bulletin/MS03-026.asp
(http://www.microsoft.com/technet/security/bulletin/MS03-026.asp)

eEye Releases Updated Free RPC DCOM Vulnerability Scanner
eEye also announces the immediate availability of a Retina® RPC Vulnerability Scanner to scan for and detect this newly discovered RPC flaw. This tool is based on eEye’s award-winning Retina® Network Security Scanner and is being made available for free to assist IT administrators in their efforts to quickly remediate this vulnerability.
http://www.eeye.com/html/Research/Tools/RPCDCOM.html

Retina Network Security Scanner has also been updated to address this newly discovered vulnerability. The RPC vulnerability testing methodology utilized by both Retina and the RPC scanners are non-intrusive and dramatically more accurate than other tools currently available.
http://www.eeye.com/html/Products/Retina/index.html

Has anyone downloaded the actual patch file, I mean without using microsoft update? I am trying to locate the file on the Microsoft website, however I am only seeing where they want me to use the Update service.

If that is the case I have many problems:
1. Not all my users have access to the internet.
2. Most users are not comfortable installing a patch, as easy as it sound, that means administrator will have to go to most machine, matter of fact all since we may not want to trust users to install a security patch.

For the last one we used a tool from Microsoft. Oh I must go check it out to see if it will download the patch to its database so that we can deploy.

How are you guys with 100s of users doing it?

yeah....im with you on this one wierd_o....where is the individual file?
whas all the having to expose your sys to ms before eh?
im not having it. im way too cynical. :D

Don't you guys see the download links for the different OS on the page microsoft patch page?

This is for XP. The file is called WindowsXP-KB824146-x86-ENU.exe http://www.microsoft.com/downloads/details.aspx?FamilyId=5FA055AE-A1BA-4D4A-B424-95D32CFC8CBA&displaylang=en
This for Windows 2000:
http://www.microsoft.com/downloads/details.aspx?FamilyId=F4F66D56-E7CE-44C3-8B94-817EA8485DD1&displaylang=en
This is for NT Server 4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=71B6135C-F957-4702-B376-2DACCE773DC0&displaylang=en

;D tanks