Contact Us
Critical Microsoft RPCSS Vulnerability
- URL: http://www.secureworks.com/research/threats/rpcssadvisory
- Date: September 10, 2003
- Author: Joe Stewart
UPDATE: September 16, 2003: Working exploit code for this vulnerability has been made public.
***Critical Threat***
Microsoft has issued another advisory concerning vulnerabilities in the RPC service. This is not the same vulnerability that the Blaster/Nachia worms used, but it is the same service and it will be trivial for hackers to adapt the existing exploits or worms to take advantage of the new exploit. Even though you may have patched your systems against the previous RPC exploit, you will need to apply this new patch.
Threat:
Critical
These vulnerabilities should be taken with the same seriousness as the previous MS RPC vulnerabilities, which resulted in the MSBlaster and Nachia worms.
Remediation:
Now is the time to roll out patches for this vulnerability. Last time it took two weeks for exploit code to appear and two more weeks for a worm. This time the cycle may be considerably less because the hackers will be able to build off the previous exploit code.
Some links that may be of use in determining your exposure to this vulnerability:
Technical Bulletin: http://www.microsoft.com/technet/security/bulletin/MS03-039.asp CERT Advisory: http://www.cert.org/advisories/CA-2003-23.html End-User Bulletin: http://www.microsoft.com/security/security_bulletins/ms03-039.asp
Several other Microsoft vulnerabilities have been announced in the last two weeks. This would be a good time to apply patches for these as well. Critical patches are on the Windows Update site for Internet Explorer and Microsoft Office. The MS03-032 patch we alerted you about last week is especially important, as exploits are in the wild and your users can be hacked simply by visiting the wrong website with Internet Explorer.
