Three New Critical RPC Flaws Found
Cybersecurity
SHARE
Facebook X Pinterest WhatsApp

Three New Critical RPC Flaws Found

Written By
Dennis Fisher
Dennis Fisher
Sep 10, 2003
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Nearly a month to the day after the Blaster worm began tearing through the Internet looking for machines vulnerable to the RPC DCOM exploit, Microsoft Corp. on Wednesday said that there are three newly identified flaws in the RPC protocol in Windows, two of which are quite similar to the one that Blaster attacks.

The most recent vulnerabilities include two buffer overruns and a denial-of-service flaw, all of which are found in the RPCSS service. Specifically, the problems lie in the portion of the service that handles RPC messages for the activation of the Distributed Component Object Model (DCOM).

In all three cases, the vulnerability results from the failure of the RPCSS service to correctly handle malformed messages. An attacker who exploits one of the buffer overruns would be able to run any code he chose on a vulnerable machine. Exploiting the DoS flaw results in the failure of the RPCSS service.

This set of weaknesses is eerily similar to the one that Blaster has been exploiting since Aug. 11. The worm infected hundreds of thousands of PCs and numerous variants were released within a few days.

This new set of vulnerabilities may prove to be fertile ground for worm writers as well, experts say. According to members of Internet Security Systems Inc.s X-Force research team, the DoS vulnerability in the RPCSS service has been known in the cracker community since July and there is a working exploit circulating.

“The only thing thats changed since Blaster is maybe that theres more resistance built up in the networks now as far as filtering of port 135. But aside from that, the scope and seriousness are the same and the exact same conditions exist,” said Dan Ingevaldson, engineering manager for the X-Force at ISS, based in Atlanta. “This is really close [to the earlier RPC DCOM flaw].”

Like the flaw that Blaster exploits, both of the new buffer overruns affect Windows NT 4.0, 2000, XP and Windows Server 2003, and are rated critical. The DoS flaw is only present in Windows 2000, Microsoft said.

To remedy the vulnerabilities, Microsoft, based in Redmond, Wash., issued a new patch that supersedes the one it released to fix the earlier RPC DCOM issue. The company has also released a new scanning tool to determine which systems have the new vulnerabilities. This tool also replaces the one Microsoft wrote to find PCs at risk to the original DCOM flaw.

Discuss this in the eWEEK forum.
Dennis Fisher
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information