Feeds

MS amends anti-Blaster fix

Vulnerability deep, risk high

  • alert
  • submit to reddit

Providing a secure and efficient Helpdesk

Microsoft today issued an amended antidote to the Windows vulnerability infamously exploited by the Blaster worm.

Today's fix for flaws with Microsoft's implementation of Remote Procedure Calls (RPC) within its Distributed Component Object Model (DCOM) framework supersede a patch Redmond issued in July. It also replaces a fix (MS01-48) involving a DoS risk MS issued two years ago.

The July patch is effective at stopping the flaw Blaster exploits. The trouble is there are more than one flaw with Microsoft's implementation of an RPC interface for Distributed Component Object Model services (DCOM). This gives rise to security vulnerabilities not fixed by the first patch.

According to Microsoft's revised bulletin, it turns out there are "three identified vulnerabilities" in the RPCSS Service that deal with DCOM activation - two that could allow arbitrary code execution and one that could result in a denial of service.

"An attacker who successfully exploited these vulnerabilities could be able to run code with local system privileges on an affected system, or could cause the RPCSS Service to fail. The attacker could then be able to take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges," Microsoft warns.

The issue affects the underlying RPCSS Service used for DCOM activation, which listens on UDP ports 135, 137, 138, 445 and TCP ports 135, 139, 445, 593. Additionally, it can listen on ports 80 and 443 if COM Internet Services (CIS) or RPC over HTTP is enabled.

This complicates procedures for mitigating against the threat - we now have to worry about a far wider range of ports beyond port 135 used by Blaster to spread. Workarounds involving turning off services and blocking ports on the firewall could be attempted but the risk of affecting legitimate services is that much greater.

No surprise then that Microsoft describes its latest fix as 'critical'. As before the flaws Microsoft has identified affect Windows NT 4, NT 4 Terminal Edition, Win 2000, XP and Win 2003. Once again only Windows 98 and Me users are left off the hook.

Microsoft recommends that system administrators "should apply the security patch immediately", unusually forceful advice from the software giant. But given the possibility of Blaster-type worms arising from the flaws MS has identified it's a recommendation well worth heeding.

The advisory, which provides links to patches and details workarounds, can be found here. ®

Related Stories

Blaster worm spreading rapidly
Blaster rewrites Windows worm rules
Windows Update still standing despite Blaster
Blaster variant offers 'fix' for pox-ridden PCs
FBI arrests Blaster suspect
Feds sexed up case - Blaster suspect
Panel probes the half-life of bugs

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.