Date: 29 July 2003
References: ESB-2003.0525 ESB-2003.0561 ESB-2003.0579 ESB-2003.0590 ESB-2003.0636
-----BEGIN PGP SIGNED MESSAGE-----
AusCERT Update AU-2003.010 - Exploit Code Publicly Available For Recent
Microsoft RPC Vulnerability

28 July 2003
29 July 2003 UPDATED

AusCERT advises that an exploit has now been published for the Microsoft
Remote Procedure Call (RPC) vulnerability described in AusCERT ALERT
AL-2003.11, "Buffer Overrun In RPC Interface Could Allow Code Execution
(Q823980) - Microsoft Security Bulletin MS03-026":

http://national.auscert.org.au/render.html?it=3260

An increased threat now exists for sites that have yet to apply patches
available from Microsoft, detailed in Microsoft Security Bulletin MS03-026:

http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

Conjecture amongst Internet security experts is that a worm based on this
exploit may be developed, leading to an attack of similar scale to the
previous MS-SQL "Slammer" worm.

The U.S. Department of Homeland Security has published an advisory on this
issue at:

http://www.nipc.gov/warnings/advisories/2003/Potential72403.htm

System administrators are again urged by AusCERT to apply the available
Microsoft patches and block access to TCP/UDP ports 135, 139 and 445 at
their network borders. Other ports, such as 80 and 593, may also provide
access to RPC services and these should be filtered as necessary and where
possible. Sites should additionally consider disabling DCOM services, as
described in MS03-026, if they are not explicitly required.

Regards,
The AusCERT Team
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
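
The border-filtering advice in the advisory above can be verified against firewall logs. The following is an added example, not part of the AusCERT advisory: it flags accepted inbound flows to the ports the advisory lists. The key=value log format, the internal range 10.20.0.0/16 and the sample records are constructed assumptions.

```python
import ipaddress

# Ports the advisory says to block at the border, for both TCP and UDP.
BLOCK_PORTS = {135, 139, 445}
# Ports it says may also reach RPC services; filtered "where possible", so review.
REVIEW_PORTS = {80, 593}
# Assumption: the site's internal address space (not from the advisory).
INTERNAL = ipaddress.ip_network("10.20.0.0/16")

def parse_line(line):
    """Parse one 'key=value ...' record; return None if it is malformed."""
    try:
        rec = dict(tok.split("=", 1) for tok in line.split())
        return (rec["action"].upper(), rec["proto"].upper(),
                ipaddress.ip_address(rec["src"]),
                ipaddress.ip_address(rec["dst"]), int(rec["dport"]))
    except (KeyError, ValueError):
        return None

def audit(lines):
    """Return (violations, review) for accepted flows from outside to inside."""
    violations, review = [], []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        action, proto, src, dst, dport = rec
        # Only accepted TCP/UDP flows entering from outside are in scope.
        if (action != "ACCEPT" or proto not in ("TCP", "UDP")
                or src in INTERNAL or dst not in INTERNAL):
            continue
        item = (proto, str(src), str(dst), dport)
        if dport in BLOCK_PORTS:
            violations.append(item)
        elif dport in REVIEW_PORTS:
            review.append(item)
    return violations, review

# Constructed sample records in a hypothetical key=value log format.
SAMPLE_LOG = """\
action=ACCEPT proto=TCP src=203.0.113.7 dst=10.20.1.5 dport=135
action=DROP proto=TCP src=203.0.113.7 dst=10.20.1.5 dport=445
action=ACCEPT proto=UDP src=198.51.100.9 dst=10.20.3.8 dport=135
action=ACCEPT proto=TCP src=10.20.1.5 dst=10.20.3.8 dport=445
action=ACCEPT proto=TCP src=198.51.100.9 dst=10.20.2.2 dport=593
garbled record without fields
""".splitlines()

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

Entries in the first list mean the border filter is passing traffic the advisory says to block; entries in the second list are flows to ports 80 and 593 that need a decision on whether the destination should be reachable from outside.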