Home > Security News > Update: Exploit code targets recent RPC flaws
Security News:
EMAIL THIS

Update: Exploit code targets recent RPC flaws

By Shawna McAlearney, Information Security Magazine
10 Oct 2003 | Information Security Magazine

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

Long-anticipated exploit code targeting the most recent Microsoft RPC vulnerabilities is circulating and can cause a denial-of-service on even patched Windows XP/2000 systems, experts say.

"The published exploit can carry out a denial of service across a range of versions, levels and language versions of Microsoft Windows 2000 and XP, and achieves remote code execution on unpatched systems, says an advisory from the U.K. National Infrastructure Security Co-ordination Centre (NISCC). "The 'universal' nature of the exploit may assist the development of a worm incorporating some of the attack techniques."

"While the current code can only inflict a DoS condition on the target system, it's conceivable that it could be modified in a manner that will permit the execution of arbitrary code," says Aaron Schaub, a security analyst at managed security services provider TruSecure Corp. in Herndon, Va.

The code exploits a slight variant in the RPCSS (the Remote Procedure Call portmapper, which directs traffic for different services using RPC) vulnerability documented in Microsoft Security Bulletin MS03-039.

NISCC strongly recommends that all RPC calls are blocked at the organizational perimeter. Destination TCP/UDP ports 135-139, 445 and 593 should be blocked both inbound and outbound.

A patch was released to correct the "Buffer Overrun In RPCSS Service Could Allow Code Execution" (MS03-039) vulnerabilities; which deal with RPC messages for DCOM activation. According to Microsoft, two of the flaws could allow arbitrary code execution; and the third could result in a denial of service. The flaws affect Windows NT 4/2000/XP/Server 2003 and result from incorrect handling of malformed messages.

Many security experts have speculated that the release of a worm using this code could come at any time. In August, the prolific Blaster worm ripped through networks worldwide by exploiting a similar RPC/DCOM vulnerability for which a patch had been released more than three weeks before.



Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


More Tips to Secure Your Network
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts