Microsoft Patches RPC Vulnerability Affecting NT 4
- By Stephen Swoyer
- September 12, 2001
Microsoft Corp. this week patched a hole in Windows NT 4.0’s RPC service that leaves NT systems vulnerable to Denial-of-Service (DoS) attacks.
In a bulletin that it dispatched to members of its security listserv, the software giant acknowledged that an attacker who sends a particular kind of malformed data to port 135 – the default port on which RPC’s endpoint mapper “listens” for RPC requests – can cause the RPC service running on Windows NT 4.0 to fail.
Microsoft stressed that Windows 2000 and Windows XP systems are not affected by this vulnerability.
Most Windows-based applications leverage RPC to some extent. The primary services provided by Microsoft’s Exchange mail and messaging and SQL Server database platforms, in particular, are facilitated by RPC. The software giant’s IIS Web server platform, on the other hand, leverages RPC only as a means to provide management facilities. In this regard, IIS’ ability to serve Web pages would not be affected by an attack of this kind.
An attacker who exploits a vulnerability of this kind could cause all RPC-related services to fail. Administrators would then need to reboot an affected system to restore it to normal operation.
Security best practices require that Windows NT systems running Exchange and SQL Server be isolated behind firewalls. Many firewalls restrict access to port 135 by default, and most firewall hardening guidelines advise that external access to this port be restricted. As a result, Microsoft confirms, IT organizations who’ve taken these precautions should only be vulnerable to attacks from within.
Microsoft provided a patch for this vulnerability.
Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.