RPC Vulnerability Threatens Windows with DoS Attacks

A recently discovered vulnerability in the remote procedure call (RPC) subsystem in Windows XP, Windows 2000, and Windows NT 4.0 could make the OSs susceptible to Denial of Service (DoS) attacks, Microsoft said yesterday. And although the company has already created a patch for XP and Win2K users, Microsoft says that major changes in RPC since the release of NT 4.0 prevent the company from creating a patch for that OS. Instead, NT 4.0 users can use the workaround described on the Microsoft Web site.

The RPC service lets applications on a local computer call functions in applications residing on a remote computer in the same network. Microsoft notes in its advisory that taking advantage of a vulnerability in this service, attackers can create an application that can send malformed requests to RPC, causing the RPC service to fail.

This week's RPC vulnerability follows a serious Win2K flaw that Microsoft announced a week ago and that involves ntdll.dll, one of the core Win2K system library files. According to the CERT Coordination Center (CERT/CC), this library file has a buffer-overflow vulnerability that is actively exploited on WWW Distributed Authoring and Versioning (WebDAV)-enabled Microsoft Internet Information Services (IIS) 5.0 servers, which could let remote attackers execute arbitrary code on unpatched systems. The organization recommends that sites running Win2K apply a patch or disable the WebDAV service as soon as possible. You can download the patch from Microsoft's Web site.

Links:
Microsoft Security Bulletin MS03-010: Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks
Windows 2000 Security Patch: IIS Remote Exploit from ntdll.dll Vulnerability