Feeds

MS amends anti-Blaster fix

Vulnerability deep, risk high

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

Microsoft today issued an amended antidote to the Windows vulnerability infamously exploited by the Blaster worm.

Today's fix for flaws with Microsoft's implementation of Remote Procedure Calls (RPC) within its Distributed Component Object Model (DCOM) framework supersede a patch Redmond issued in July. It also replaces a fix (MS01-48) involving a DoS risk MS issued two years ago.

The July patch is effective at stopping the flaw Blaster exploits. The trouble is there are more than one flaw with Microsoft's implementation of an RPC interface for Distributed Component Object Model services (DCOM). This gives rise to security vulnerabilities not fixed by the first patch.

According to Microsoft's revised bulletin, it turns out there are "three identified vulnerabilities" in the RPCSS Service that deal with DCOM activation - two that could allow arbitrary code execution and one that could result in a denial of service.

"An attacker who successfully exploited these vulnerabilities could be able to run code with local system privileges on an affected system, or could cause the RPCSS Service to fail. The attacker could then be able to take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges," Microsoft warns.

The issue affects the underlying RPCSS Service used for DCOM activation, which listens on UDP ports 135, 137, 138, 445 and TCP ports 135, 139, 445, 593. Additionally, it can listen on ports 80 and 443 if COM Internet Services (CIS) or RPC over HTTP is enabled.

This complicates procedures for mitigating against the threat - we now have to worry about a far wider range of ports beyond port 135 used by Blaster to spread. Workarounds involving turning off services and blocking ports on the firewall could be attempted but the risk of affecting legitimate services is that much greater.

No surprise then that Microsoft describes its latest fix as 'critical'. As before the flaws Microsoft has identified affect Windows NT 4, NT 4 Terminal Edition, Win 2000, XP and Win 2003. Once again only Windows 98 and Me users are left off the hook.

Microsoft recommends that system administrators "should apply the security patch immediately", unusually forceful advice from the software giant. But given the possibility of Blaster-type worms arising from the flaws MS has identified it's a recommendation well worth heeding.

The advisory, which provides links to patches and details workarounds, can be found here. ®

Related Stories

Blaster worm spreading rapidly
Blaster rewrites Windows worm rules
Windows Update still standing despite Blaster
Blaster variant offers 'fix' for pox-ridden PCs
FBI arrests Blaster suspect
Feds sexed up case - Blaster suspect
Panel probes the half-life of bugs

Intelligent flash storage arrays

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.