News

Microsoft Patches RPC Vulnerability Affecting NT 4

Microsoft Corp. this week patched a hole in Windows NT 4.0’s RPC service that leaves NT systems vulnerable to Denial-of-Service (DoS) attacks.

In a bulletin that it dispatched to members of its security listserv, the software giant acknowledged that an attacker who sends a particular kind of malformed data to port 135 – the default port on which RPC’s endpoint mapper “listens” for RPC requests – can cause the RPC service running on Windows NT 4.0 to fail.

Microsoft stressed that Windows 2000 and Windows XP systems are not affected by this vulnerability.

Most Windows-based applications leverage RPC to some extent. The primary services provided by Microsoft’s Exchange mail and messaging and SQL Server database platforms, in particular, are facilitated by RPC. The software giant’s IIS Web server platform, on the other hand, leverages RPC only as a means to provide management facilities. In this regard, IIS’ ability to serve Web pages would not be affected by an attack of this kind.

An attacker who exploits a vulnerability of this kind could cause all RPC-related services to fail. Administrators would then need to reboot an affected system to restore it to normal operation.

Security best practices require that Windows NT systems running Exchange and SQL Server be isolated behind firewalls. Many firewalls restrict access to port 135 by default, and most firewall hardening guidelines advise that external access to this port be restricted. As a result, Microsoft confirms, IT organizations who’ve taken these precautions should only be vulnerable to attacks from within.

Microsoft provided a patch for this vulnerability.

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.

Featured

  • Office Mobile Apps To End as Microsoft Highlights New Office App

    Microsoft plans to end support for Windows 10 Mobile applications on Jan. 12, 2021, according to a Friday announcement.

  • Is Microsoft Finally Reinventing Office?

    Microsoft is testing out a new technology called "Fluid Framework." It could mean that Brien's dream of one Office app to rule them all might soon become reality.

  • Azure Active Directory Connect Preview Adds Support for Disconnected AD Forests

    Microsoft on Thursday announced a preview of a new "Cloud Provisioning" feature for the Azure Active Directory Connect service that promises to bring together scattered Active Directory "forests."

  • Microsoft Defender ATP Gets macOS Investigation Support

    The endpoint and detection response (EDR) feature in Microsoft Defender Advanced Threat Protection (ATP) has reached the "general availability" stage for macOS devices.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.