
Admins warned to patch new RPC holes, use workarounds

Microsoft's latest critical alert on newly discovered holes in Windows RPC urges administrators to patch quickly before exploit code is available and a worm is crafted. There are also workarounds enterprises can implement until patches can be applied.

Microsoft and several security experts are warning enterprise administrators to patch their systems against newly discovered buffer overflow and denial-of-service vulnerabilities in Windows Remote Procedure Call (RPC).

In addition to patching, administrators are urged to employ some workarounds until more details emerge about the flaws and whether exploit code is available.

Last month, the Blaster worm roared through a similar critical hole in RPC, scanning Windows 2000 and XP machines for port 135. Blaster's proficient scanning generated volumes of traffic that brought some networks to a standstill.

Some of the workarounds include:

  • Blocking UDP ports 135, 137, 138 and 445 at the firewall;
  • Blocking TCP ports 135, 139, 445 and 593 at the firewall;
  • Disabling DCOM services;
  • Disabling RPC over HTTP, which listens on ports 80 and 443;
  • Disabling COM Internet Services.
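To see which hosts the firewall workaround actually protects, an administrator can check which of the listed ports a machine is listening on. The following is an added example, not code from the article or from Microsoft: it parses `netstat -an` output and reports sockets bound to the TCP and UDP ports in the block lists above. The sample output and the function name are constructed for illustration.

```python
# Added example: ports come from the article's workaround list; everything else is constructed.
WORKAROUND_PORTS = {
    "TCP": {135, 139, 445, 593},
    "UDP": {135, 137, 138, 445},
}

# Constructed sample of `netstat -an` output from a hypothetical Windows host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:593          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      10.0.0.5:445           ESTABLISHED
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  UDP    0.0.0.0:135            *:*
  UDP    0.0.0.0:500            *:*
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
"""

def listening_workaround_ports(netstat_text):
    """Return sorted (proto, port, local_addr, loopback_only) tuples for
    sockets bound to a port in the article's block lists."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in WORKAROUND_PORTS:
            continue  # banner, column header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows carry a state; only LISTENING sockets accept new connections.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        addr, _, port_text = local.rpartition(":")
        if not port_text.isdigit():
            continue
        port = int(port_text)
        if port in WORKAROUND_PORTS[proto]:
            loopback = addr.startswith("127.") or addr == "[::1]"
            findings.append((proto, port, addr, loopback))
    return sorted(findings)

if __name__ == "__main__":
    for proto, port, addr, loopback in listening_workaround_ports(SAMPLE_NETSTAT):
        scope = "loopback only" if loopback else "reachable from the network"
        print(f"{proto} {port:>3} bound to {addr}: {scope}")
```

Ports 80 and 443 are left out of the check because ordinary web servers use them too; a listener there does not by itself indicate RPC over HTTP.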

NT Bugtraq editor Russ Cooper wrote in a post to the mailing list that the RPC over HTTP or Tunneling TCP/IP vectors aren't enabled on many systems and would be unlikely entry points for a worm.

"The vulnerabilities patched by [Microsoft] represent new vectors for a Blaster-like worm to exploit, even if you have applied [patch] MS03-026," Cooper said.

In addition to the patch and several workarounds, Microsoft has also released a network scanning tool to find systems that don't have the MS03-039 patch. Microsoft is encouraging customers to use the tool--available in Microsoft Knowledge Base article 827363--to determine if their systems are patched.


Microsoft security bulletin MS03-039 news exclusive: "Three new critical RPC flaws found"
