Windows RPC vulnerability high on list of flaws to watch

Anxious administrators have more evidence they should patch the critical Windows Remote Procedure Call flaw immediately before a worm strikes.

A critical vulnerability in Windows RPC-DCOM, discovered July 16, ranks first among the most prevalent and dangerous vulnerabilities, according to a new list released Wednesday.

Qualys' Real-Time Vulnerabilities List

Below is Qualys' Real-Time Top Ten Vulnerabilities list. The vendor urges network administrators to secure their systems against these security holes.

  • Microsoft Windows RPC-DCOM interface buffer overrun
  • Microsoft IIS CGI filename decode error
  • Microsoft Index Server and Indexing Service ISAPI extension buffer overflow
  • Microsoft IIS malformed HTR request buffer overflow
  • Apache chunked-encoding memory corruption
  • ISC BIND SIG cached resource record buffer overflow (sigrec bug)
  • Microsoft Windows 2000 IIS WebDAV buffer overflow
  • Sendmail address prescan possible memory corruption
  • SSL Server has SSLv2 enabled
  • Writable SNMP information

The list, compiled by vulnerability-scanning service provider Qualys Inc., Redwood Shores, Calif., includes many older vulnerabilities, but the RPC-DCOM flaw is prominent, despite its recent discovery.

The vulnerability is in the way Remote Procedure Call (RPC) is implemented in most versions of Windows. The flaw, associated with the Distributed Component Object Model (DCOM) interface with RPC, is found in Windows NT, XP and 2000, as well as Windows Server 2003.

The RPC-DCOM vulnerability is a typical buffer overflow. Attackers who send properly crafted RPC requests can gain control of susceptible systems. The flaw itself is certainly severe, but its pervasiveness makes it especially worrisome. Since it was announced, experts have predicted that a worm will be created to take advantage of it. Those predictions became even more dire last weekend, when code to exploit the vulnerability was posted on security mailing lists.

Systems administrators are now in a race against time to patch their systems or perform workarounds to reduce their exposure before a worm strikes.

Qualys created the Real-Time Top Ten Vulnerabilities list to alert systems administrators to the flaws they should address first. The company constructed the list from raw data it has collected during the last 18 months through its vulnerability-scanning service. Qualys chief technology officer Gerhard Eschelbeck analyzed the information and pulled out the 10 vulnerabilities based on prevalence and danger.

In addition to the RPC flaw, also prominent on the list are several holes in Microsoft Internet Information Server (IIS) and a hole in SSL version 2.

"I was really surprised, as it's so easy to fix," Eschelbeck said.

Qualys is not alone in creating a list of top vulnerabilities. Recently, Internet Security Systems Inc. created the "Catastrophic Risk Index," which identifies 31 exploitable vulnerabilities companies should focus on.

Perhaps the granddaddy of all flaw lists is the SANS/FBI Top 20 Internet Security Vulnerabilities List, which Qualys helps compile. Eschelbeck sees his company's list and SANS' as complementary. "The SANS list is more an expert opinion of the most critical vulnerabilities at a specific point of time," he said, noting that Qualys tries to keep its list updated so that it's relevant at all times.

"We are always monitoring the data, and if we see a change, then we'll change the list to reflect that," Eschelbeck said.

FOR MORE INFORMATION:

SearchSecurity.com news exclusive: "Windows RPC exploit code published"

Microsoft security bulletin MS03-26' and patch for RPC vulnerability

SearchSecurity.com news exclusive: "Buffer overflows top list of exploitable vulnerabilities"

SearchSecurity.com news exclusive "SANS, FBI identify top 20 Windows, Unix vulnerabilities"

FEEDBACK: Do you think a worm exploiting the RPC vulnerability is inevitable, and have you dropped everything and patched the flaw?
Send your feedback to the SearchSecurity.com news team.

Dig deeper on Windows Security: Alerts, Updates and Best Practices

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close