HOME
 | UTORprotect |
DOCUMENTATION
 |
AMS/ROSI
 |
SERVICES
 |
CONTACT
UTORprotect
Backup & Recovery
Compromised Systems
Endpoint Security Policy System
Firewalls
Malicious Code
Network Security Policy
Open-Source Firewall
Password Usage Guidelines
Phishing 
Security Incident Reporting
Spam
Spyware 
Symantec Anti-Virus
Windows Security Maintenance
Windows Incident Response
Windows Security

Critical Microsoft RPC Vulnerability

Microsoft has announced a critical RPC vulnerability that can be exploited over the network without authentication which makes it 'wormable'. Please arrange to install the available update as soon as possible.

Details

  • ports 139 and 445 are involved in the vulnerability. For all versions of Windows, these ports are blocked to the Internet by default via the internal firewall. However, they may be opened to local subnet traffic for Windows Share functionality.
  • Windows 2000, XP, Server 2003 can be fully compromised from the network if the ports are not firewalled. Vista and Server 2008 require authentication for the compromise to occur.
  • The University Internet gateway routers block inbound traffic to the affected ports. This does not prevent a possible internal attack.
  • Domain controllers and other Microsoft servers are by their nature likely to have ports 139 and 445 open.

References:


http://blogs.technet.com/swi/archive/2008/10/23/More-detail-about-MS08-067.aspx
http://blogs.technet.com/mmpc/archive/2008/10/23/get-protected-now.aspx
http://blogs.msdn.com/sdl/

 

©2011 - University of Toronto Information + Technology Services. All Rights Reserved.