DMA® The DataBus On-line Edition
Vol 28 Issue 5, October 2003

New Windows RPC Flaws Discovered

by George Gibbs, Acting Co‑Editor, The DataBus

Steve Gibson writes a quickfix utility

From an email sent to subscribers of the SpywareInfo free weekly newsletter (www.spywareinfo.com):

http://www.microsoft.com/security/security_bulletins/ms03-039.asp

"Microsoft has announced a patch for a serious security flaw affecting Microsoft Windows NT, Windows 2000, Windows XP and Windows Server 2003.

"This is a flaw very similar to the RPC flaw announced in July that led to the MSBlaster email worm, and can lead to the exact same exploit. Be aware that even if you have installed the patch available in July, you still need to download and install this new patch.

"The MSBlaster worm, which was released after someone published detailed instructions to a security mailing list showing how to exploit the previous RPC flaw, caused severe problems all across the Internet. SpywareInfo asks all readers running affected versions of Windows to please install this patch as soon as possible."

What? Again?!?!

This replacement patch, which includes fixes for the three newly discovered vulnerabilities as well as the original one announced in July, can be obtained via Windows Update or by following the link at the beginning of the article to the Microsoft bulletin announcing it. Both this patch and the original one announced back in July deal with security vulnerabilities in a Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface.

Right as we went to press, Steve Gibson, well known for his http://grc.com website featuring "Shields UP!", announced a tiny (29 KB) free utility to disable DCOM entirely once the above patch has been applied. In his words:

"Microsoft's DCOM security patch leaves DCOM running, open, and waiting for the next malicious exploit. Our 29 kbyte 'DCOMbobulator' allows any Windows user to quickly check their system's DCOM vulnerability, then simply shut down the unnecessary DCOM security risk...

"DCOM serves no practical purpose for almost anyone and, as the entire world now knows, it creates a huge and unwarranted security risk. Therefore, it's crazy to leave DCOM running. Microsoft's DCOM vulnerability patch does fix this latest problem with DCOM. But this was not the first problem with DCOM, so there's little support for the hope that this was the last problem....

"Since no typical Windows user has ever needed to have DCOM enabled, it should be shut down immediately and disabled (after first making sure that it's safely patched when it's enabled and running). The DCOMbobulator makes this as easy as pressing a single 'Disable DCOM' button. You can then restart Windows and verify that DCOM has been safely taken out of service."

I recommend that users of all vulnerable Windows systems apply this Microsoft patch immediately, and then protect themselves further by downloading Steve's free 29 KB utility (http://grc.com/dcom/) to help ensure no further undiscovered DCOM exploits will affect you.

While you're at Steve's website, take a look at his other free utilities. "The DCOMbobulator" is just one of several useful utilities he has created in response to "unnecessary and dangerous" Microsoft services enabled by default. If you'd like to make your computer a little more secure, Steve's site is an extremely useful place to look around.


