Wednesday, October 15, 2003


vnunet.com DoS attack warning for Windows 2000/XP  

vnunet.com DoS attack warning for Windows 2000/XP: "DoS attack warning for Windows 2000/XP
By Robert Jaques [15-10-2003]
Last RPC patch does not protect systems, say researchers

Security experts are warning of a flaw that could allow hackers to launch a denial of service (DoS) attack against PCs running Windows 2000 and XP.
The vulnerability, in the Microsoft Remote Procedure Call (RPC) service, was discovered by security firm Internet Security Systems (ISS).
ISS warned that the flaw affects PCs even with the most current Windows patches installed, including computers patched against the devastating RPC flaw described in Microsoft Security Bulletin MS03-039.
According to ISS, the DoS vulnerability exists by exploiting the race condition, allowing attackers to crash the Microsoft RPC service and/or force vulnerable systems to reboot.
But the firm added that 'significant barriers exist' which may prevent reliable exploitation outside controlled lab conditions.
ISS said that Microsoft has not yet released a patch for the vulnerability, and urged network administrators to assess external exposure to vulnerabilities associated with Microsoft services running on ports 135, 137, 138, 139, 445 and 593 on both the network perimeter and VPN connections."

What does this mean? This means that attacks absolutely WILL happen and you'd better keep your guard up! The instant anyone knows that the vulnerability exists, EVERYone knows. And attacks will happen. The fact that the previous patch, thought to contain the problem, is not totally effective means that Windows flaws (or vulnerabilities, really, since they weren't mistakes, simply ways for people to do bad things to other people) are now down to the point where they can't be well patched without some major rewrite of a section of the OS, which is NOT something you're going to do in two or three days. Let's hope that they're working on the problem as we sit here waiting.

Comments: Post a Comment

This page is powered by Blogger. Isn't yours?