News

DCOM Hole That Enabled Blaster Wider Than Originally Thought

The security hole in the Microsoft DCOM infrastructure in most supported versions of Windows is wider than the company originally feared.

Microsoft released a critical new patch on Wednesday that fixed three new vulnerabilities in the DCOM Remote Procedure Call (RPC) on almost all supported versions of Windows. The patch, MS03-039, supersedes the patch included with bulletin MS03-026, which Microsoft desperately urged corporate and home users to apply in the weeks leading up to the MS Blaster worm. Blaster was written to exploit the hole that Microsoft disclosed and patched in bulletin MS03-026. While Blaster was rated a critical problem, it was actually somewhat worse than the typical critical bulletin because it could be exploited without any user action.

What the new patch means is that there are several vulnerabilities that continue to be open to Blaster-style attacks. So while systems were protected against Blaster by MS03-026, even systems that have that patch won't be protected against any worms written to exploit the new vulnerabilities.

Two of the new vulnerabilities could allow an attacker to take complete control of a user's machine. The new vulnerabilities affect Windows Server 2003, Windows XP, Windows 2000 and Windows NT 4.0. The problem is serious enough that Microsoft went ahead and created a patch for Windows NT 4.0 Workstation and for Windows 2000 with Service Pack 2 even though both are no longer supported.

Microsoft also created a new network scanning tool to help administrators find unpatched systems.

The Microsoft bulletin is available here:
www.microsoft.com/technet/security/bulletin/MS03-039.asp.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Nabs IoT Platform Provider Express Logic

    As part of its plan to invest $5 billion in IoT technologies, Microsoft this week acquired Express Logic, which provides real-time operating systems for industrial embedded and IoT devices.

  • Dealing with Broken Dependencies in SCVMM

    Brien shows you how to resolve some broken, template-related dependencies in Microsoft's System Center Virtual Machine Manager.

  • AzCopy Preview Adds AWS S3 Data Transfer Improvements

    Microsoft announced this week that it has improved the preview version of its AzCopy tool to better handle Amazon Web Services (AWS) S3 data.

  • Microsoft Adding Google G Suite Migration in Exchange Admin Center

    Microsoft's Exchange Admin Center will be getting the ability to move Google G Suite calendar, contacts and e-mail data over to the Office 365 service "in the coming weeks."

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.