The Lookout: New Critical RPC Flaws

 
 
By Dennis Fisher  |  Posted 2003-09-11 Print this article Print
 
 
 
 
 
 
 

Nearly a month to the day after the Blaster worm began tearing through the Internet, Microsoft Corp. reported three newly identified flaws in the Windows RPC protocol, two of which are quite similar to the one that Blaster attacks.

Nearly a month to the day after the Blaster worm began tearing through the Internet, Microsoft Corp. reported three newly identified flaws in the Windows RPC protocol, two of which are quite similar to the one that Blaster attacks.

The most recent vulnerabilities include two buffer overruns and a denial-of-service (DoS) flaw—all of which are found in the RPCSS service.

An attacker who exploits one of the buffer overruns can run any code on a vulnerable machine. Exploiting the DoS flaw results in the failure of the RPCSS service.

To remedy the vulnerabilities, the company issued a new patch (www.microsoft.com/security/security_bulletins/ms03-039.asp) that supersedes the one it released to fix the earlier flaw.

 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel