
Critical Windows Flaw a Potential Springboard for Damaging Worm

Microsoft is feverishly trying to get users to apply a patch, released two weeks ago, for a critical RPC vulnerability that affects most supported versions of Windows, before a widespread worm based on the vulnerability can break out.

Several hacker sites last week published exploit code, an important precursor to the outbreak of a major worm similar to SQL Slammer or Nimda.

Microsoft took the unusual step of plastering notices about the vulnerability on non-security pages all over its Web site. The notices appear on the main Microsoft homepage and on several Windows-related Microsoft pages.

"Action for Windows users: Read Security Bulletin MS03-026, and install the security patch immediately," an alert headline in the upper right corner of Microsoft's homepage reads.

There have also been reports that Microsoft is issuing e-mail alerts outside of its normal security bulletin notification service to urge users to apply the patch, which was first posted on July 16.

The flaw is a huge problem because it can allow an attacker to remotely take control of a system. Affected platforms include Windows Server 2003, Windows 2000, Windows NT 4.0 and Windows XP. Windows 98 and Windows 98 SE are no longer supported and were not tested. Windows Me was found not to be vulnerable. Chinese and U.S.-based coders have already released exploit code that takes advantage of the vulnerability, and that code has been downloaded extensively.

The problem involves a buffer overrun vulnerability in the Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface. RPC is a protocol Windows uses to allow a program on one computer to execute code on a remote system.

An attack would be similar to the highly damaging SQL Slammer and Nimda attacks, in that any worm written to exploit the problem would be released weeks or months after the patch was first issued.

A Gartner bulletin on Monday noted that there has also been widespread scanning of ports 135 and 445, which allow connections to Windows-based RPC services such as Active Directory. Gartner interprets the increase in scanning as another sign that a full-scale assault is imminent. "Enterprises should immediately ensure that Internet firewalls block the vulnerable services, use access control lists in routers to segment their networks and block the affected ports, and patch all Windows servers and desktops," Gartner analysts John Pescatore and Richard Stiennon wrote.

The Microsoft patch is available here: www.microsoft.com/technet/security/bulletin/MS03-026.asp.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.
