Sunday, September 05, 2010
Welcome to the Viruswarning forums.  All your original content has been ported to the new forums as  well as new content and additional opportunities to interact with the authors of Viruswarn.com.  You can always access old content at www.leedrake.com/forum .  You may find some formatting was lost in the conversion and the older versions of the posts to be more readable....

But at least it's all here.

Enjoy!

  Viruswarn Forums
Subject: RPC Vulnerability

Lee Drake
Posts:238

09/11/2003 12:17 AM  
What it is

On further investigation by various sources it was found that the same component (the RPC/DCOM component) that made everyone so vulnerable to the Blaster worm has 3 more vulnerabilities. Microsoft has patched these as well in a new patch labeled MS03-039. Like the last batch, only Win NT 4, NT 4 Terminal Services, Win 2000, Win XP (home and professional), and Win 2003 are affected by this vulnerability.

Because there are live worms and viruses that already are programmed to attack this component, we feel that a new worm will probably follow very quickly after this announcement. Rather than writing something from scratch, the black hats only need to modify an existing program - much much easier. Please make an effort to patch this ASAP to protect your machine.

As before, machines behind firewalls should be protected as long as an outside-the-firewall machine isn't brought behind it with the virus already on it. Just today I had a situation where - despite corporate policies otherwise - someone brought a laptop behind their company firewall without first checking it for viruses - and brought the company's local network to its knees by flooding it with traffic from a virus. A personal firewall could also help to protect against this threat.

If you are a corporate support person, please note that the patch breaks older patch detection programs. After applying the patch, such programs may falsely report that MS03-026 (the original RPC patch) is no longer installed. Please download the newer version of the scanner before panicking - you're probably fine. The new scanner's available at: http://support.microsoft.com/default.aspx?kbid=827363 .

If you update MBSA to its latest signatures it too should identify patched or unpatched systems: http://support.microsoft.com/default.aspx?kbid=320454

What you should do

* Download and install (either through http://windowsupdate.microsoft.com or through http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-039.asp ) the patch from Microsoft for your operating system on all vulnerable systems. Please do this ASAP. If you have automatic updates set up and you have the "globe" in your system tray with the "new critical updates are waiting to be installed", please let the installation proceed.
* Keep virus software installed and up to date.
* Have an exterior firewall that blocks traffic to the RPC ports (most will do this by default):
  * Port 135 (tcp/udp)
  * Port 137 (udp)
  * Port 138 (udp)
  * Port 139 (tcp)
  * Port 445 (tcp/udp)
  * Port 593 (tcp)
* Have a personal firewall that blocks the same traffic, and monitors for programs attempting to access the internet, or activate the built-in XP internet connection firewall.
* Disable DCOM (information on this in the technical bulletin for MS03-039).
* Security professionals should download the newer version of the scanner before panicking. The new scanner's available at: http://support.microsoft.com/default.aspx?kbid=827363 . If you update MBSA to its latest signatures it too should identify patched or unpatched systems: http://support.microsoft.com/default.aspx?kbid=320454

Further Resources

* Info on the vulnerability: http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-039.asp
* Info on the scanner: http://support.microsoft.com/default.aspx?kbid=827363
* Info on MBSA: http://support.microsoft.com/default.aspx?kbid=320454
* Info from CERT: http://www.cert.org/advisories/CA-2003-23.html

Lee Drake
Aztek Computer Solutions, Inc.
274 N. Goodman St Suite B269
Rochester, NY 14607
the human side of computing
Email: ldrake@azcomputer.net
Web: www.azcomputer.net
Office Phone: 585-242-2060
Fax number: 585-242-9441