ALERT: For all XP and Windows Server users

Discussion in 'other security issues & news' started by martindijk, Jul 29, 2003.

Thread Status:
Not open for further replies.
  1. martindijk

    martindijk Registered Member

    Joined: Jun 13, 2003
    Posts: 537
    Location: Gorredijk - the Netherlands

    Hi all,

    Just received an alert message concerning a leak in Windows XP/NT/2000/2003 operating systems.


    The leak concerns a leak in RPC (Remote Procedure Call) which will allow outsiders to enter your PC and delete files, change files, rewrite files, etc.

    Microsoft has already come up with a patch and advises all users of the operating systems mentioned above to apply the patch immediately!!!

    Please read the whole story here:

    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

    rgds,
    Martin
     
  2. Dan Perez

    Dan Perez Retired Moderator

    Joined: May 18, 2003
    Posts: 1,495
    Location: Sunny San Diego
  3. spy1

    spy1 Registered Member

    Joined: Dec 29, 2002
    Posts: 3,139
    Location: Clover, SC

    I'm kind of surprised that the patch didn't run a "recognition pass" to see if it had already been applied - doesn't M$ stuff normally do that?

    I'd already done the previous update that referred to this, but I cranked up the other one mentioned here and it installed itself like it was brand-new.

    Are we sure this wasn't something new? Pete
     
  4. Dan Perez

    Dan Perez Retired Moderator

    Joined: May 18, 2003
    Posts: 1,495
    Location: Sunny San Diego

    Hi Pete!

    They have the same Q reference so the download is intended for the same issue but I haven't monitored any changes in the downloads. :D

    I don't recall ever seeing any evidence of a recognition pass such as you mentioned. I would be surprised (and disappointed) if they did have some sort of limitation along those lines, as one of the possibilities you frequently need to keep in mind is that part or all of an applied update has been nullified by the install of another less recent patch (which happens very frequently when you have multiple admins and where there is no strict accountability for applying patches/updates). In this case, the only recourse is to re-apply the newer patch even though the previous application may be shown in the Add/Remove programs or elsewhere in the system.
     
  5. DolfTraanberg

    DolfTraanberg Registered Member

    Joined: Nov 20, 2002
    Posts: 676
    Location: Amsterdam

    If you have your NETBIOS ports closed (like we all have :D) there are no problems.

    To exploit this vulnerability, the attacker would require the ability to send a specially crafted request to port 135, 139, or 445 or any other specifically configured RPC port on the remote machine. For intranet environments, these ports would normally be accessible, but for Internet connected machines, these would normally be blocked by a firewall. In the case where these ports are not blocked, or in an intranet configuration, the attacker would not require any additional privileges.


    Dolf
     