Windows flaw could allow denial-of-service attacks

[InfoSec News <isn () c4i org>]

http://www.nwfusion.com/news/2003/0327windoflaw.html

By Joris Evers
IDG News Service
03/27/03

A security bug in a network function of Windows NT 4, 2000 and XP can 
expose computers running those operating systems to a 
denial-of-service attack, Microsoft warned. 

The flaw lies in Microsoft's implementation of a protocol called RPC, 
or Remote Procedure Call, that allows applications on a computer to 
call applications on another computer in a network. An attack on the 
RPC service could cause the networking services on the system to fail, 
Microsoft Wednesday said in security bulletin MS03-010. 

An attack would be carried out by sending a malformed request to the 
RPC endpoint mapper, a service that holds connection information on 
all RPC processes on that machine. The mapper listens on TCP/IP port 
135, generally accessible from within a company network, but typically 
blocked for external traffic by a firewall, mitigating the risk of an 
attack from the Internet, Microsoft said. 

A patch to fix the problem is available for Windows 2000 and Windows 
XP, but there is no patch for Windows NT 4.0 because of major changes 
in the RPC software since the release of Windows NT 4.0, according to 
Microsoft. Windows NT 4.0 users should install a firewall and filter 
traffic on port 135, the vendor said. 



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.