
Saturday, August 02, 2003

All FUD over RPC-DCOM

Microsoft and the Windows RPC vulnerability seem to be making every major pundit in the industry a little nervous. CERT has issued a major advisory, CERT® Advisory CA-2003-19, "Exploitation of Vulnerabilities in Microsoft RPC Interface", laying out the details of the potential exploit. Even the Department of Homeland Security's National Infrastructure Protection Centre has issued a warning in which it claims a 'Potential for significant Impact on internet operations..'. The SANS Institute top port scan list shows a significant upward trend on port 445 (Windows SMB) but no other significant changes. In addition, netbios-ns (137), www (80), and ms-sql-m (1434) round out the top 4. They are currently posting it as a green/yellow alert, indicating some 2000 sources are scanning for the flaw.
So what's the significance of this activity? Apart from the obvious (read the CERT advisory for the technical data), it looks to ecommnet as though we have another Slammer-worm-style incident looming. True, it has the potential to be even bigger, but our (my ®©) original criticism still holds true: no public system should have the afflicted ports exposed on the internet, don't use DCOM on a web-facing machine, and definitely don't use DCOM through the firewall.
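One way to check that criticism against your own perimeter, as an added example that is not part of the original post: a first-match evaluation of an ordered ingress rule set that lists which public hosts still accept the afflicted ports from outside. The rule format, the addresses (documentation ranges) and the single representative outside source are constructed assumptions; ports 445, 137 and 1434 come from the SANS list above, while 135, 139 and 593 are added on the assumption that they match the ports the MS03-026 workarounds say to block.

```python
import ipaddress

# Ports that should never be reachable from the internet.
# 445, 137, 1434 are named in the post; 135, 139, 593 are assumptions.
RISKY = [("tcp", 135), ("udp", 135), ("udp", 137), ("tcp", 139),
         ("tcp", 445), ("udp", 445), ("tcp", 593), ("udp", 1434)]

# Constructed sample policy: ordered, first match wins, implicit deny.
# (action, proto, source CIDR, destination CIDR, first port, last port)
RULES = [
    ("allow", "tcp", "0.0.0.0/0",  "203.0.113.10/32", 80,   80),
    ("deny",  "tcp", "0.0.0.0/0",  "203.0.113.0/24",  135,  139),
    ("allow", "tcp", "0.0.0.0/0",  "203.0.113.20/32", 1,    1023),
    ("allow", "udp", "10.0.0.0/8", "203.0.113.0/24",  137,  138),
    ("allow", "udp", "0.0.0.0/0",  "203.0.113.30/32", 1434, 1434),
]
PUBLIC_HOSTS = ["203.0.113.10", "203.0.113.20", "203.0.113.30"]


def verdict(rules, proto, src, dst, port):
    """Return the action of the first matching rule, else implicit deny."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, lo, hi in rules:
        if (r_proto == proto
                and src_ip in ipaddress.ip_network(r_src)
                and dst_ip in ipaddress.ip_network(r_dst)
                and lo <= port <= hi):
            return action
    return "deny"


def exposed(rules, hosts, outside="198.51.100.7"):
    """List (host, proto, port) triples that an outside source can reach.

    Simplification: one representative outside address stands in for
    'the internet', so allows scoped to other external ranges are missed.
    """
    return [(host, proto, port)
            for host in hosts
            for proto, port in RISKY
            if verdict(rules, proto, outside, host, port) == "allow"]


if __name__ == "__main__":
    for host, proto, port in exposed(RULES, PUBLIC_HOSTS):
        print(f"EXPOSED {host} {proto}/{port}")
```

The broad "allow 1-1023" rule is the interesting case: the earlier deny covers 135-139, yet 445 and 593 still fall through to it.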
Related Links
MSS flaw highlights e-security laziness
The same MSS flaw article in The Register
Department of Homeland Security Advisory (updated)
MSFT bulletin (MS03-026)
Growing fears over net threat
posted by Robert Campbell 10:03 AM

