Yet another flaw in Microsoft's core product set, Windows 2000 and XP, identified by eEye Digital Security, could allow an attacker to execute arbitrary code on an unprotected workstation. This vulnerability is caused by a flaw in the network management functions of the DCE/RPC service and a logging function implemented in WKSSVC.DLL. The attack vectors, along the lines of passing long strings to vsprintf() require access to TCP/UDP ports 138, 139 and 445.
It goes without saying that this represents a significant risk to all un protected workstations, and here in lies our criticism of the only just suppressed industry panic, no one should have those ports exposed to the internet. However, given the experience of the industry with SQL Slammer Worm earlier this year we should not be complacent. Related Links DHS/FedCIRC Advisory FA-2003-28 Buffer Overflow in Windows Workstation Service
Microsoft's Security Bulletin MS03-049
Yet another flaw in Microsoft's core product set, Windows 2000 and XP, identified by eEye Digital Security, could allow an attacker to execute arbitrary code on an unprotected workstation. This vulnerability is caused by a flaw in the network management functions of the DCE/RPC service and a logging function implemented in WKSSVC.DLL. The attack vectors, along the lines of passing long strings to vsprintf() require access to TCP/UDP ports 138, 139 and 445.