Home Page

  


EARLIER NEWS

  


PC NEWS MENU

  


LATER NEWS

  

PC News Contents
11th September 2003

MORE RPC VULNERABILITIES IN WINDOWS

Brian Grainger
 

First there was Messenger Spam that exploited the open RPC on a Windows XP machine. Then came the Blaster worm and variants, which exploited some buggy code in the RPC service. Now Microsoft have warned of 3 more vulnerabilities in the RPC/DCOM arena.

Back in July Microsoft warned of, and issued a patch for, the first RPC vulnerability. Many did not hear the warning, or did not take much notice. In August, the Blaster worm exploited the buggy code and they did start to take notice. Well over 1.5 million IP addresses were targeted by the worm, including 4 of my friends. Fortunately, the worm did not do anything nasty like wipe the hard drive. If it had that may have been 1.5 million Linux converts!

Now a month on Microsoft admit 3 more vulnerabilities, again connected with the RPC service, and have issued a new patch. Once again, if a hacker exploits the vulnerabilities they can do anything to your machine. Microsoft rate the vulnerability as critical. They are right!

These new vulnerabilities include the classic buffer overrun situation. Microsoft have known about this coding problem for ages now. Their 'Trusted Computing' initiative was supposed to combat it. Did they not check for this type of coding problem before they issued the last patch? Apparently not. Code checking appears to be non existent at Microsoft. So much for 'Trusted Computing'.

Because the problem lies in the RPC service a hacker does not have to lure a user to a web site or have them open an e-mail. They just have to send a malformed message, via RPC, to your machine when you are online. This is why the problem is critical.

Once again the problem lies with all versions of Windows EXCEPT Windows 98 and Windows ME. People tell me that XP is more stable than 98. I don't agree that my installation of 98 is unstable, but I DO know that after the problems of the last 3 months Windows XP is just not an acceptable product. It makes users needlessly vulnerable to serious problems. Windows 98 does not. Linux does not. Apple Mac OS does not.

If you are unfortunate enough to be running one of the crappy Windows systems you should visit the following as soon as possible:

http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-039.asp

Here you will find technical details of the vulnerability and links to download the appropriate patch for your operating system.

You have been warned.

 

 

 

 


TOP