News

DCOM Hole That Enabled Blaster Wider Than Originally Thought

The security hole in the Microsoft DCOM infrastructure in most supported versions of Windows is wider than the company originally feared.

Microsoft released a critical new patch on Wednesday that fixed three new vulnerabilities in the DCOM Remote Procedure Call (RPC) on almost all supported versions of Windows. The patch, MS03-039, supersedes the patch included with bulletin MS03-026, which Microsoft desperately urged corporate and home users to apply in the weeks leading up to the MS Blaster worm. Blaster was written to exploit the hole that Microsoft disclosed and patched in bulletin MS03-026. While Blaster was rated a critical problem, it was actually somewhat worse than the typical critical bulletin because it could be exploited without any user action.

What the new patch means is that there are several vulnerabilities that continue to be open to Blaster-style attacks. So while systems were protected against Blaster by MS03-026, even systems that have that patch won't be protected against any worms written to exploit the new vulnerabilities.

Two of the new vulnerabilities could allow an attacker to take complete control of a user's machine. The new vulnerabilities affect Windows Server 2003, Windows XP, Windows 2000 and Windows NT 4.0. The problem is serious enough that Microsoft went ahead and created a patch for Windows NT 4.0 Workstation and for Windows 2000 with Service Pack 2 even though both are no longer supported.

Microsoft also created a new network scanning tool to help administrators find unpatched systems.

The Microsoft bulletin is available here:
www.microsoft.com/technet/security/bulletin/MS03-039.asp.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Azure Active Directory ID Protection 'Refresh' Now Available

    Microsoft's enhancements to the Azure Active Directory Identity Protection service are now said to be "generally available" (GA), or ready for commercial use, per a Wednesday announcement.

  • Microsoft Releases Windows 10 Version 1909

    Microsoft on Tuesday announced the release of Windows 10 version 1909, a new operating system product that's also known as the "Windows 10 November 2019 Update."

  • November Microsoft Security Bundle Addresses 75 Vulnerabilities

    Of that number, 13 vulnerabilities are rated "Critical" to patch, while 62 vulnerabilities are deemed "Important."

  • The Future of Office 365 Pricing

    With a raft of new Office 365 features in the pipeline, Microsoft also seems ready to change the way it bills its subscribers. Will it replicate Azure's pay-per-use model, or will it look like something else entirely?

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.