Three New Critical RPC Flaws Found
Microsoft on Wednesday said that there are three newly identified flaws in the RPC protocol in Windows, two of which are quite similar to the one that Blaster attacks.Nearly a month to the day after the Blaster worm began tearing through the Internet looking for machines vulnerable to the RPC DCOM exploit, Microsoft Corp. on Wednesday said that there are three newly identified flaws in the RPC protocol in Windows, two of which are quite similar to the one that Blaster attacks. The most recent vulnerabilities include two buffer overruns and a denial-of-service flaw, all of which are found in the RPCSS service. Specifically, the problems lie in the portion of the service that handles RPC messages for the activation of the Distributed Component Object Model (DCOM). In all three cases, the vulnerability results from the failure of the RPCSS service to correctly handle malformed messages. An attacker who exploits one of the buffer overruns would be able to run any code he chose on a vulnerable machine. Exploiting the DoS flaw results in the failure of the RPCSS service.
This set of weaknesses is eerily similar to the one that Blaster has been exploiting since Aug. 11. The worm infected hundreds of thousands of PCs and numerous variants were released within a few days.