RPC Vulnerability Threatens Windows with DoS Attacks


Paul Thurrott

March 26, 2003


A recently discovered vulnerability in the remote procedure call (RPC) subsystem in Windows XP, Windows 2000, and Windows NT 4.0 could make the OSs susceptible to Denial of Service (DoS) attacks, Microsoft said yesterday. And although the company has already created a patch for XP and Win2K users, Microsoft says that major changes in RPC since the release of NT 4.0 prevent the company from creating a patch for that OS. Instead, NT 4.0 users can use the workaround described on the Microsoft Web site.

The RPC service lets applications on a local computer call functions in applications residing on a remote computer in the same network. Microsoft notes in its advisory that, by taking advantage of a vulnerability in this service, attackers can create an application that sends malformed requests to RPC, causing the RPC service to fail.

This week's RPC vulnerability follows a serious Win2K flaw that Microsoft announced a week ago and that involves ntdll.dll, one of the core Win2K system library files. According to the CERT Coordination Center (CERT/CC), this library file has a buffer-overflow vulnerability that is actively exploited on WWW Distributed Authoring and Versioning (WebDAV)-enabled Microsoft Internet Information Services (IIS) 5.0 servers, which could let remote attackers execute arbitrary code on unpatched systems. The organization recommends that sites running Win2K apply a patch or disable the WebDAV service as soon as possible. You can download the patch from Microsoft's Web site.

Links:
Microsoft Security Bulletin MS03-010: Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks
Windows 2000 Security Patch: IIS Remote Exploit from ntdll.dll Vulnerability

About the Author

Paul Thurrott

Paul Thurrott is senior technical analyst for Windows IT Pro. He writes the SuperSite for Windows, a weekly editorial for Windows IT Pro UPDATE, and a daily Windows news and information newsletter called WinInfo Daily UPDATE.
