Microsoft

Tech Tip: Protect your systems against this RPC vulnerability

Just when you finished patching your servers against the Remote Procedure Call (RPC) vulnerability that surfaced in July, Microsoft releases the details of yet more critical vulnerabilities in the RPC service, which affects all versions of Windows based on the Windows NT kernel. This includes Windows Server 2003 as well as all versions of Windows XP.

Microsoft's MS03-039 security bulletin describes these new vulnerabilities and provides a patch that corrects the flaw. This patch also corrects the July RPC flaw described in the MS03-026 security bulletin.

The more recent problem is almost identical to the previous one, but the previous patch provided with MS03-026 doesn't correct the latest vulnerability. As before, the new flaw includes buffer overrun vulnerabilities that could result in an attacker gaining control over a system, resulting in a potential repeat of the Blaster worm fiasco. Another flaw addressed in MS03-039 is a denial of service vulnerability that can result in a hung server.

The Blaster worm accomplished two things. First, it emphasized the importance of systems administrators installing these patches as soon as possible. Second, it highlighted the need for Microsoft to seriously address its quality control system in all future versions of Windows and in a future service pack.

Systems behind a properly configured firewall are theoretically safe from exploits that use this vulnerability. However, all it takes is one infected system from the outside to affect machines behind the firewall.

You can download the patch for the Windows Server 2003 32-bit edition and the Windows Server 2003 64-bit edition from Microsoft's Web site.

Editor's Picks