News

Microsoft Patches RPC Vulnerability Affecting NT 4

Microsoft Corp. this week patched a hole in Windows NT 4.0’s RPC service that leaves NT systems vulnerable to Denial-of-Service (DoS) attacks.

In a bulletin that it dispatched to members of its security listserv, the software giant acknowledged that an attacker who sends a particular kind of malformed data to port 135 – the default port on which RPC’s endpoint mapper “listens” for RPC requests – can cause the RPC service running on Windows NT 4.0 to fail.

Microsoft stressed that Windows 2000 and Windows XP systems are not affected by this vulnerability.

Most Windows-based applications leverage RPC to some extent. The primary services provided by Microsoft’s Exchange mail and messaging and SQL Server database platforms, in particular, are facilitated by RPC. The software giant’s IIS Web server platform, on the other hand, leverages RPC only as a means to provide management facilities. In this regard, IIS’ ability to serve Web pages would not be affected by an attack of this kind.

An attacker who exploits a vulnerability of this kind could cause all RPC-related services to fail. Administrators would then need to reboot an affected system to restore it to normal operation.

Security best practices require that Windows NT systems running Exchange and SQL Server be isolated behind firewalls. Many firewalls restrict access to port 135 by default, and most firewall hardening guidelines advise that external access to this port be restricted. As a result, Microsoft confirms, IT organizations who’ve taken these precautions should only be vulnerable to attacks from within.

Microsoft provided a patch for this vulnerability.

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.

Featured

  • SameSite Cookie Changes Rolled Back Until Summer

    The Chromium Project announced on Friday that it's delaying enforcement of SameSite cookie changes, and is temporarily rolling back those changes, because of the COVID-19 turmoil.

  • Basic Authentication Extended to 2H 2021 for Exchange Online Users

    Microsoft is now planning to disable Basic Authentication use with its Exchange Online service sometime in the "second half of 2021," according to a Friday announcement.

  • Microsoft Offers Endpoint Configuration Manager Advice for Keeping Remote Clients Patched

    Microsoft this week offered advice for organizations using Microsoft Endpoint Configuration Manager with remote Windows systems that need to get patched, and it also announced Update 2002.

  • Azure Edge Zones Hit Preview

    Azure Edge Zones, a new edge computing technology from Microsoft designed to enable new scenarios for developers and partners, emerged as a preview release this week.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.