Critical hole in Microsoft's Windows

By Matt Whipp

Posted on 17 Jul 2003 at 10:18

Microsoft has alerted Windows users of a critical flaw in the operating system that could result in an attacker gaining control over a system from a remote location.

The flaw affects the NT line of Windows: from NT 4.0 through to Windows XP and Windows Server 2003, Microsoft's most recent big product launch.

The flaw exists in the Remote Procedure Call (RPC) protocol between computers that allows programs running on one to run code on the other.

There is an error in the way the protocol is used to check messages sent over TCP/IP which can be exploited by sending malformed messages, giving a successful attacker local system privileges through the target system.

RPC messages run on port 135, and Microsoft says that systems behind a firewall should already be protected from attacks from the Internet.

See below for links to patches:

(Patches require a reboot but can be uninstalled.)

Windows NT 4.0 Server | Windows NT 4.0 Terminal Server Edition | Windows 2000 | Windows XP 32 bit Edition | Windows XP 64 bit Edition | Windows Server 2003 32 bit Edition | Windows Server 2003 64 bit Edition

Microsoft also recommends ensuring port 135 is blocked and disabling the Distributed Component Object Model (DCOM) function on affected machines as a workaround.