Get APLawrence.com by RSSWindows RPC flaw
By Michael Desrosiersm3ip Inc.
Email: mdesrosiers@m3ipinc.com
Web: m3ipinc.com
An attack tool, also known as an autorooter, is being used to compromise Windows servers. The tool can take commands that are sent through Internet relay chat (IRC) channels and is capable of scanning for and compromising systems vulnerable to the highly publicized recent Windows remote procedure call (RPC) vulnerability.
This vulnerability affects almost all versions of Windows and could enable a remote attacker to place and run malicious code on affected machines, giving them total control over the systems according to Microsoft.
After examining a clobbered together exploit package called Worm.Win32.Autorooter, it is obvious where this type of worm is heading. Because it requires no user interaction it is being compared to the buffer overflow vulnerability in Microsoft's Internet Information Server (IIS) that was exploited by the Code Red worm in July of 2001.
The major difference that I see, is that Code Red infected Windows servers only, this exploit has the capability of infecting servers AND workstations alike. Now we are talking millions of potential systems and not thousands.
I have seen a significant level of recon or scanning, since the Distributed Component Object Model (DCOM) exploit was found in the wild on July 25th, which once again brings up my major gripe. The current patching system is broke. What consumers should demand is that software vendors "start writing more secure applications." Only intense pressure from buyers appliance vendors to do the right thing for their customers by taking responsibility for the flaws they are putting in our computers and on our networks. If the Department of Homeland Security wants to improve cyber security it should demand that its vendors deliver secure configurations and automatically deliver patches that work, or pay the costs of cleaning up the messes caused by their failure to do so.
In the mean time, please take these steps to protect your environment. Block TCP port 135 (Windows RPC service), TCP port 139 (Windows NetBIOS network communication) and port 445 (Windows Server Message Block) on your local firewall. And apply the Microsoft patch found in regards to Microsoft Security Bulletin MS03-026: http://www.microsoft.com/security/security_bulletins/ms03-026.asp
Publish your articles, comments, book reviews or opinions here!
© August 2003 Michael Desrosiers All rights reservedEnter your email address for automatic notification of new posts here
(be sure to whitelist 'feedburner.com' if you use spam filtering)
| Views for this page | ||||
|---|---|---|---|---|
| Today | This Week | This Month | This Year | Overall |
| 2 | 10 | 54 | 524 | 5,005 |
/MDesrosiers/mdwinrpcflaw.html copyright August 2003 Michael Desrosiers All Rights Reserved
Have you tried Searching this site?
Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates
This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more. We appreciate comments and article submissions.
Your ad here - $24.00 yearly!
http://echo3.net/ Unix/Linux Custom Applications, Web Hosting, C/C++ Programming Courses
http://www.cleverminds.net Need expert advice? Want a second opinion? CleverMinds is a one-stop-shop for a wide range of technology solutions. We support Unix, Linux, SCO as well as CMS, ecom, blogs, podcasts, search engines consulting and more. Contact us at web2.0@cleverminds.net 0r (617) 894-1282
http://www.breakthru.com.au SCO (Openserver and Unixware), Unix, Solaris and Linux Consulting services including: Secure Networking Solutions; Linux based Firewalls; Backup Solutions; Secure Home to Office Network Setup; Phone, Remote and On-Site Support available - Satisfaction Guaranteed!
Related Posts
Add your comments
Play LEGAL poker and win cash
$50,000 FREE Tournament August 31st!