News

DCOM Hole That Enabled Blaster Wider Than Originally Thought

The security hole in the Microsoft DCOM infrastructure in most supported versions of Windows is wider than the company originally feared.

Microsoft released a critical new patch on Wednesday that fixed three new vulnerabilities in the DCOM Remote Procedure Call (RPC) on almost all supported versions of Windows. The patch, MS03-039, supersedes the patch included with bulletin MS03-026, which Microsoft desperately urged corporate and home users to apply in the weeks leading up to the MS Blaster worm. Blaster was written to exploit the hole that Microsoft disclosed and patched in bulletin MS03-026. While Blaster was rated a critical problem, it was actually somewhat worse than the typical critical bulletin because it could be exploited without any user action.

What the new patch means is that there are several vulnerabilities that continue to be open to Blaster-style attacks. So while systems were protected against Blaster by MS03-026, even systems that have that patch won't be protected against any worms written to exploit the new vulnerabilities.

Two of the new vulnerabilities could allow an attacker to take complete control of a user's machine. The new vulnerabilities affect Windows Server 2003, Windows XP, Windows 2000 and Windows NT 4.0. The problem is serious enough that Microsoft went ahead and created a patch for Windows NT 4.0 Workstation and for Windows 2000 with Service Pack 2 even though both are no longer supported.

Microsoft also created a new network scanning tool to help administrators find unpatched systems.

The Microsoft bulletin is available here:
www.microsoft.com/technet/security/bulletin/MS03-039.asp.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Offers Endpoint Configuration Manager Advice for Keeping Remote Clients Patched

    Microsoft this week offered advice for organizations using Microsoft Endpoint Configuration Manager with remote Windows systems that need to get patched, and it also announced Update 2002.

  • Azure Edge Zones Hit Preview

    Azure Edge Zones, a new edge computing technology from Microsoft designed to enable new scenarios for developers and partners, emerged as a preview release this week.

  • Microsoft Shifts 2020 Events To Be Online Only

    Microsoft is shifting its big events this year to be online only, including Ignite 2020.

  • Microsoft Browser Support for TLS 1.0 and 1.1 Ending 2H 2020

    Microsoft announced on Tuesday that its plans to drop support for Transport Layer Security (TLS) protocols 1.0 and 1.1 in its browsers will get delayed by a few months until the second half of this year.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.