New Critical Update for M$ XP/2k - Tilted Forum Project Discussion Community

jfranco13 · 09-10-2003, 03:57 PM

Microsoft released another critical update today. Here's the link to their article:

http://www.microsoft.com/security/se...s/ms03-039.asp

Could be another one as bad as the RPC vulnerability, but it's too early to tell.

Make sure your machines are patched

According to their web site, they say very generically

A security issue has been identified that could allow an attacker to remotely compromise a computer running Microsoft® Windows® and gain complete control over it. You can help protect your computer by installing this update from Microsoft.

santafe5000 · 09-10-2003, 06:12 PM

Saw on MSN that it is a similar flaw that was open on the Blaster Worm. Amazingly they announced it while at a hearing in DC for internet security.

laconic1 · 09-10-2003, 06:27 PM

According to The Register, its an updated version of the last patch.

MS amends anti-Blaster fix
By John Leyden
Posted: 10/09/2003 at 19:14 GMT

Microsoft today issued an amended antidote to the Windows vulnerability infamously exploited by the Blaster worm.

Today's fix for flaws with Microsoft's implementation of Remote Procedure Calls (RPC) within its Distributed Component Object Model (DCOM) framework supersede a patch Redmond issued in July. It also replaces a fix (MS01-48) involving a DoS risk MS issued two years ago.

The July patch is effective at stopping the flaw Blaster exploits. The trouble is there are more than one flaw with Microsoft's implementation of an RPC interface for Distributed Component Object Model services (DCOM). This gives rise to security vulnerabilities not fixed by the first patch.

According to Microsoft's revised bulletin, it turns out there are "three identified vulnerabilities" in the RPCSS Service that deal with DCOM activation - two that could allow arbitrary code execution and one that could result in a denial of service.

"An attacker who successfully exploited these vulnerabilities could be able to run code with local system privileges on an affected system, or could cause the RPCSS Service to fail. The attacker could then be able to take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges," Microsoft warns.

The issue affects the underlying RPCSS Service used for DCOM activation, which listens on UDP ports 135, 137, 138, 445 and TCP ports 135, 139, 445, 593. Additionally, it can listen on ports 80 and 443 if COM Internet Services (CIS) or RPC over HTTP is enabled.

This complicates procedures for mitigating against the threat - we now have to worry about a far wider range of ports beyond port 135 used by Blaster to spread. Workarounds involving turning off services and blocking ports on the firewall could be attempted but the risk of affecting legitimate services is that much greater.

No surprise then that Microsoft describes its latest fix as 'critical'. As before the flaws Microsoft has identified affect Windows NT 4, NT 4 Terminal Edition, Win 2000, XP and Win 2003. Once again only Windows 98 and Me users are left off the hook.

Microsoft recommends that system administrators "should apply the security patch immediately", unusually forceful advice from the software giant. But given the possibility of Blaster-type worms arising from the flaws MS has identified it's a recommendation well worth heeding.

The advisory, which provides links to patches and details workarounds, can be found here. ®

Speed_Gibson · 09-10-2003, 07:33 PM

*looks at my Debian/Knoppix box in an increasingly better light*

- while typing on WinXP Pro Corporate of course

BoCo · 09-10-2003, 10:04 PM

I love this part:

"Get instructions for determining which version of Windows you are running"

The fact that there are people who don't even know what version of Windows they're running is one of the biggest problems out there. Not knowing something so simple means they also don't know how to keep themselves safe in the first place.

Pragma · 09-11-2003, 07:00 AM

Exactly, BoCo. Most people, when you ask them "What version of Windows are you running?" go "Uh, how do I found out?"

It's not like the version you run is displayed in a big logo when you turn on the comp--- oh wait, you mean it is?

And then other people try to yell at Microsoft about being insecure. Well, when you're catering to the lowest common denominator in terms of PC users, there's not too much you can do.

09-10-2003, 03:57 PM	#1 (permalink)
jfranco13 Crazy Location: Pittsburgh, PA	New Critical Update for M$ XP/2k Microsoft released another critical update today. Here's the link to their article: http://www.microsoft.com/security/se...s/ms03-039.asp Could be another one as bad as the RPC vulnerability, but it's too early to tell. Make sure your machines are patched According to their web site, they say very generically A security issue has been identified that could allow an attacker to remotely compromise a computer running Microsoft® Windows® and gain complete control over it. You can help protect your computer by installing this update from Microsoft. __________________ We may lose, and we may win, but we will never be here again.

09-10-2003, 06:12 PM	#2 (permalink)
santafe5000 EVIL! Location: Southwest of nowhere	Saw on MSN that it is a similar flaw that was open on the Blaster Worm. Amazingly they announced it while at a hearing in DC for internet security. __________________ When all else fails, QUIT.

09-10-2003, 10:04 PM	#5 (permalink)
BoCo Fear the bunny Location: Hanging off the tip of the Right Wing	I love this part: "Get instructions for determining which version of Windows you are running" The fact that there are people who don't even know what version of Windows they're running is one of the biggest problems out there. Not knowing something so simple means they also don't know how to keep themselves safe in the first place. __________________ Activism is a way for useless people to feel important.

09-11-2003, 07:00 AM	#6 (permalink)
Pragma I am Winter Born Location: Alexandria, VA	Exactly, BoCo. Most people, when you ask them "What version of Windows are you running?" go "Uh, how do I found out?" It's not like the version you run is displayed in a big logo when you turn on the comp--- oh wait, you mean it is? And then other people try to yell at Microsoft about being insecure. Well, when you're catering to the lowest common denominator in terms of PC users, there's not too much you can do. __________________ Eat antimatter, Posleen-boy!

09-10-2003, 06:27 PM	#3 (permalink)
laconic1 Junkie	According to The Register, its an updated version of the last patch. MS amends anti-Blaster fix By John Leyden Posted: 10/09/2003 at 19:14 GMT Microsoft today issued an amended antidote to the Windows vulnerability infamously exploited by the Blaster worm. Today's fix for flaws with Microsoft's implementation of Remote Procedure Calls (RPC) within its Distributed Component Object Model (DCOM) framework supersede a patch Redmond issued in July. It also replaces a fix (MS01-48) involving a DoS risk MS issued two years ago. The July patch is effective at stopping the flaw Blaster exploits. The trouble is there are more than one flaw with Microsoft's implementation of an RPC interface for Distributed Component Object Model services (DCOM). This gives rise to security vulnerabilities not fixed by the first patch. According to Microsoft's revised bulletin, it turns out there are "three identified vulnerabilities" in the RPCSS Service that deal with DCOM activation - two that could allow arbitrary code execution and one that could result in a denial of service. "An attacker who successfully exploited these vulnerabilities could be able to run code with local system privileges on an affected system, or could cause the RPCSS Service to fail. The attacker could then be able to take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges," Microsoft warns. The issue affects the underlying RPCSS Service used for DCOM activation, which listens on UDP ports 135, 137, 138, 445 and TCP ports 135, 139, 445, 593. Additionally, it can listen on ports 80 and 443 if COM Internet Services (CIS) or RPC over HTTP is enabled. This complicates procedures for mitigating against the threat - we now have to worry about a far wider range of ports beyond port 135 used by Blaster to spread. Workarounds involving turning off services and blocking ports on the firewall could be attempted but the risk of affecting legitimate services is that much greater. No surprise then that Microsoft describes its latest fix as 'critical'. As before the flaws Microsoft has identified affect Windows NT 4, NT 4 Terminal Edition, Win 2000, XP and Win 2003. Once again only Windows 98 and Me users are left off the hook. Microsoft recommends that system administrators "should apply the security patch immediately", unusually forceful advice from the software giant. But given the possibility of Blaster-type worms arising from the flaws MS has identified it's a recommendation well worth heeding. The advisory, which provides links to patches and details workarounds, can be found here. ®

09-10-2003, 07:33 PM	#4 (permalink)
Speed_Gibson Who knows what evil lurks in the hearts of men? Location: right here of course	looks at my Debian/Knoppix box in an increasingly better light - while typing on WinXP Pro Corporate of course