Tech Tip: Protect your systems against an RPC flaw

On July 16, 2003, Microsoft issued security bulletin MS03-026 in response to a buffer overrun vulnerability in the Remote Procedure Call (RPC) services for all NT-based versions of Windows, including Windows Server 2003, Windows XP, Windows 2000, and Windows NT.

A buffer overrun vulnerability occurs when a program writes input into a buffer without checking its size, allowing an attacker to overwrite adjacent memory with data of their choosing. That data can include executable code, which can change what the program does.

You can protect your RPC system against this particular flaw with a properly configured firewall or by installing a patch that's available from Microsoft. The Internet Connection Firewall included in Windows Server 2003 will also help protect the server against this problem. Installing the patch is the preferred solution, but if that's not possible, block TCP/UDP ports 135, 139, and 445 at the firewall to help prevent external exploitation of this vulnerability.
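One way to check that the port block is working, as an added example (not from the original article or from Microsoft): the Python script below reads a Windows firewall log in its W3C-style text format and reports any external source that was let through to ports 135, 139, or 445. The log lines, the 192.168.1.0/24 internal range, and the treatment of OPEN/ALLOW as permit actions are assumptions made for the example.

```python
import ipaddress

BLOCKED_PORTS = {135, 139, 445}      # ports the article says to block
PERMIT_ACTIONS = {"OPEN", "ALLOW"}   # assumption: actions that mean "let through"
INTERNAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]  # assumption: your LAN

# Constructed sample log; real logs carry more columns, named in "#Fields:".
SAMPLE_LOG = """\
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size
2003-07-20 10:01:02 DROP TCP 203.0.113.7 192.168.1.10 4312 135 48
2003-07-20 10:01:05 OPEN TCP 198.51.100.23 192.168.1.10 2888 445 -
2003-07-20 10:01:09 OPEN TCP 192.168.1.25 192.168.1.10 1050 139 -
2003-07-20 10:02:00 DROP UDP 203.0.113.7 192.168.1.10 1026 135 78
2003-07-20 10:02:14 OPEN TCP 192.168.1.10 198.51.100.80 1044 80 -
"""

def is_external(addr):
    """True when addr lies outside every network in INTERNAL_NETS."""
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in INTERNAL_NETS)

def audit(log_text):
    """Return (permitted, dropped) lists of external hits on blocked ports."""
    fields, permitted, dropped = [], [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]        # column names for the rows below
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        try:
            port = int(rec["dst-port"])
            external = is_external(rec["src-ip"])
        except (KeyError, ValueError):
            continue                         # malformed row or "-" placeholders
        if port not in BLOCKED_PORTS or not external:
            continue
        hit = (rec["src-ip"], rec.get("protocol"), port)
        if rec.get("action") in PERMIT_ACTIONS:
            permitted.append(hit)            # the block is NOT effective here
        elif rec.get("action") == "DROP":
            dropped.append(hit)
    return permitted, dropped

if __name__ == "__main__":
    for src, proto, port in audit(SAMPLE_LOG)[0]:
        print(f"EXPOSED: {src} reached {proto}/{port}")
```

Any entry in the permitted list means the firewall rule is missing or misordered for that port; dropped entries show the block doing its job.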

If you haven't done so, install this patch as soon as possible. Windows Update will install this patch for you, or you can go directly to Microsoft's Web site to install the patch for Windows Server 2003 32-bit edition and Windows Server 2003 64-bit edition. Be sure to reboot your system after installation is complete.