Admins warned to patch new RPC holes, use workarounds

Microsoft's latest critical alert on newly discovered holes in Windows RPC urges administrators to patch quickly before exploit code is available and a worm is crafted. There are also workarounds enterprises can implement until patches can be applied.

Microsoft and several security experts are warning enterprise administrators to patch their systems against newly discovered buffer overflow and denial-of-service vulnerabilities in Windows Remote Procedure Call (RPC).

In addition to patching, administrators are urged to employ some workarounds until more details emerge about the flaws and whether exploit code is available.

Last month, the Blaster worm roared through a similar critical hole in RPC, scanning Windows 2000 and XP machines for port 135. Blaster's proficient scanning generated volumes of traffic that brought some networks to a standstill.

Some of the workarounds include:

  • Blocking UDP ports 135, 137, 138 and 445 at the firewall;
  • Blocking TCP ports 135, 139, 445 and 593 at the firewall;
  • Disabling DCOM services;
  • Disabling RPC over HTTP, which listens on ports 80 and 443;
  • Disabling COM Internet Services.

NT Bugtraq editor Russ Cooper wrote in a post to the mailing list that the RPC over HTTP or Tunneling TCP/IP vectors aren't enabled on many systems and would be unlikely entry points for a worm.

"The vulnerabilities patched by [Microsoft] represent new vectors for a Blaster-like worm to exploit, even if you have applied [patch] MS03-026," Cooper said.

In addition to the patch and several workarounds, Microsoft has released a network scanning tool to find systems that don't have the MS03-039 patch. Microsoft is encouraging customers to use the tool, available in Microsoft Knowledge Base article 827363, to determine if their systems are patched.

FOR MORE INFORMATION:

Microsoft security bulletin MS03-039

SearchSecurity.com news exclusive: "Three new critical RPC flaws found"
