Admins warned to patch new RPC holes, use workarounds

Michael S. Mimoso, Editorial Director

Microsoft and several security experts are warning enterprise administrators to patch their systems against newly discovered buffer overflow and denial-of-service vulnerabilities in Windows Remote Procedure Call (RPC).

In addition to patching, administrators are urged to employ some workarounds until more details emerge about the flaws and whether exploit code is available.

Last month, the Blaster worm roared through a similar critical hole in RPC, scanning Windows 2000 and XP machines for port 135. Blaster's proficient scanning generated volumes of traffic that brought some networks to a standstill.

Some of the workarounds include:

  • Blocking UDP ports 135, 137, 138 and 445 at the firewall;
  • Blocking TCP ports 135, 139, 445 and 593 at the firewall;
  • Disabling DCOM services;
  • Disabling RPC over HTTP, which listens on ports 80 and 443;
  • Disabling COM Internet Services.
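
As an added example (not from the article or from Microsoft), the Python script below audits a Windows host's `netstat -an` output for listeners on the ports named in the workarounds above. The `audit` function, the constructed sample output and the choice to ignore loopback-only listeners are assumptions made for illustration.

```python
import re

# Ports the article says to block at the firewall.
BLOCK = {"TCP": {135, 139, 445, 593}, "UDP": {135, 137, 138, 445}}
# The article says RPC over HTTP listens on 80 and 443; a listener there is
# only a prompt to check whether RPC over HTTP or COM Internet Services is on.
REVIEW_TCP = {80, 443}

# One row of Windows `netstat -an`: proto, local addr:port, foreign, [state].
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

# Constructed sample output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      192.168.1.20:445       ESTABLISHED
  TCP    127.0.0.1:593          0.0.0.0:0              LISTENING
  UDP    0.0.0.0:445            *:*
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:500       *:*
"""

def audit(netstat_text):
    """Return sorted (proto, local_addr, port, action) findings."""
    findings = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # title, header or blank line
        proto, addr, port, _foreign, state = m.groups()
        port = int(port)
        # For TCP only listening sockets count; UDP rows have no state column.
        if proto == "TCP" and state != "LISTENING":
            continue
        if addr.startswith("127."):
            continue  # assumption: loopback-only listeners are not reachable remotely
        if port in BLOCK[proto]:
            findings.add((proto, addr, port, "block"))
        elif proto == "TCP" and port in REVIEW_TCP:
            findings.add((proto, addr, port, "review"))
    return sorted(findings)

if __name__ == "__main__":
    for proto, addr, port, action in audit(SAMPLE):
        print(f"{action:6} {proto} {addr}:{port}")
```

A "block" finding means the host is listening on a port the firewall workaround covers; a "review" finding only indicates a web listener that should be checked for RPC over HTTP or COM Internet Services.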

NT Bugtraq editor Russ Cooper wrote in a post to the mailing list that the RPC over HTTP or Tunneling TCP/IP vectors aren't enabled on many systems and would be unlikely entry points for a worm.

"The vulnerabilities patched by [Microsoft] represent new vectors for a Blaster-like worm to exploit, even if you have applied [patch] MS03-026," Cooper said.

In addition to the patch and several workarounds, Microsoft has also released a network scanning tool to find systems that don't have the MS03-039 patch. Microsoft is encouraging customers to use the tool--available in Microsoft Knowledge Base article 827363--to determine if their systems are patched.

FOR MORE INFORMATION:

Microsoft security bulletin MS03-039

SearchSecurity.com news exclusive: "Three new critical RPC flaws found"