
Patch to Windows Vulnerability MS03-010 applied [Himalayan Websites]

by MegaNetServe Technical Services and Himalayan Websites, 26 March 2003

Dear Customer,

Remote Procedure Call (RPC) is a protocol used by the Windows operating
system. RPC provides an inter-process communication mechanism that allows
a program running on one computer to seamlessly execute code on a remote
system. The protocol itself is derived from the OSF (Open Software Foundation)
RPC protocol, but with the addition of some Microsoft-specific extensions.

There is a vulnerability in the part of RPC that deals with
message exchange over TCP/IP. The failure results from
incorrect handling of malformed messages. This particular
vulnerability affects the RPC Endpoint Mapper process, which
listens on TCP/IP port 135. The RPC endpoint mapper allows RPC
clients to determine the port number currently assigned to a
particular RPC service.

To exploit this vulnerability, an attacker would need to
establish a TCP/IP connection to the Endpoint Mapper process on
a remote machine. Once the connection was established, the
attacker would begin the RPC connection negotiation before
transmitting a malformed message. At this point, the process on
the remote machine would fail. The RPC Endpoint Mapper process
is responsible for maintaining the connection information for
all of the processes on that machine using RPC. Because the
Endpoint Mapper runs within the RPC service itself, exploiting
this vulnerability would cause the RPC service to fail, with the
attendant loss of any RPC-based services the server offers, as
well as potential loss of some COM functions.

Microsoft has provided patches with this bulletin to correct this vulnerability
for Windows 2000 and Windows XP. Although Windows NT 4.0 is affected by
this vulnerability, Microsoft is unable to provide a patch for this vulnerability
for Windows NT 4.0. The architectural limitations of Windows NT 4.0 do
not support the changes that would be required to remove this vulnerability.
Windows NT 4.0 users are strongly encouraged to employ the workaround
discussed in the FAQ in the bulletin, which is to protect the NT 4.0 system
with a firewall that blocks Port 135.

Regards,
Mohan Kapoor, Himalayan Websites

Subject: Microsoft Security Bulletin MS03-010
Title: Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks (331953)
Date: 26 March, 2003
Software: Microsoft Windows 2000, Windows XP
Impact: Denial of Service
Max Risk: Important
Bulletin: MS03-010
Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/security/bulletin/ms03-010.asp
http://www.microsoft.com/security/security_bulletins/ms03-010.asp
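
To confirm that the firewall workaround for Windows NT 4.0 described above is in effect, the following added example (not part of the original notice or of Microsoft's bulletin) checks from a machine outside the firewall whether TCP port 135 still accepts connections on hosts you administer. The function names `probe_tcp` and `audit` and the script name in the usage comment are assumptions made for this illustration.

```python
import socket
import sys

RPC_EPMAP_PORT = 135  # TCP port of the RPC Endpoint Mapper, as stated in the notice


def probe_tcp(host, port=RPC_EPMAP_PORT, timeout=2.0):
    """Classify a TCP port as seen from the machine running this script.

    open     - handshake completed, so the firewall block is not in effect
    closed   - connection refused: nothing accepting, or a firewall that
               rejects with a reset
    filtered - no reply before the timeout, consistent with a firewall drop
    error    - name resolution failure, no route, or another socket error
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "error"
    finally:
        sock.close()


def audit(hosts, port=RPC_EPMAP_PORT, timeout=2.0):
    """Probe each host; return ({host: state}, sorted list of exposed hosts)."""
    results = {host: probe_tcp(host, port, timeout) for host in hosts}
    exposed = sorted(h for h, state in results.items() if state == "open")
    return results, exposed


if __name__ == "__main__":
    # Usage: python check_135.py host1 host2 ...  (hypothetical script name)
    results, exposed = audit(sys.argv[1:])
    for host, state in results.items():
        print(f"{host}: tcp/{RPC_EPMAP_PORT} {state}")
    sys.exit(1 if exposed else 0)
```

A result of `open` means the port is still reachable from where the script ran; the script exits non-zero in that case so it can be used in a scheduled check.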