Anonymous web surfing
Security expert Integralis has warned of a new flaw discovered in Windows
XP and 2000.
It exists in that apparently most fragile of technologies, the RPCSS
service and the way RPC (remote procedure call) messages are handled by
the DCOM (distributed component object model) element of the service.
Already two vulnerabilities have been found in the service, which have
been exploited to great effect by the Blaster virus.
Pete Philips, penetration tester with Integralis has advised: 'This is a
new RPC issue and is notthe same as the recent MS03-026 or MS03-039.
Microsoft has yet to release patches. In the meantime it would be wise to
ensure that all of the [vulnerable] ports are blocked on machines facing
hostile environments such as the Internet.'
This new RPC/DCOM flaw can be exploited by specially crafted data packets
sent as an RPC message which could give an attacker access to a target
machine with system privileges to run any code. It may also be used to
simply crash the service and effectively take the machine offline.
Integralis warns that there is already publicly available code that will
exploit the vulnerability and in tests has found it crashes RPCSS service
on Windows 2000 and XP, even when patched with MS03-039 (Microsoft's
patches issued for previous RPC flaws). Additionally, unpatched Windows
2000 systems can have code run on them.
The vulnerable ports are 135/tcp, 139/tcp, 445/tcp, 593/tcp, 135/udp, 137/udp,
138/udp and 445/udp.
For anyone new - you can get your machine checked automatically (although
i always feel you are giving someone access they should not have to your
PC - although the choice is the lesser of two evils). |