DoS attack warning for windows 2000/xp

Posted by: paradox

DoS attack warning for windows 2000/xp - 10/16/03 09:00 AM

Security experts are warning of a flaw that could allow hackers to launch a denial of service (DoS) attack against PCs running Windows 2000 and XP.

The vulnerability, in the Microsoft Remote Procedure Call (RPC) service, was discovered by security firm Internet Security Systems (ISS).

ISS warned that the flaw affects PCs even with the most current Windows patches installed, including computers patched against the devastating RPC flaw described in Microsoft Security Bulletin MS03-039.

According to ISS, the DoS vulnerability exists by exploiting the race condition, allowing attackers to crash the Microsoft RPC service and/or force vulnerable systems to reboot.

But the firm added that "significant barriers exist" which may prevent reliable exploitation outside controlled lab conditions.

ISS said that Microsoft has not yet released a patch for the vulnerability, and urged network administrators to assess external exposure to vulnerabilities associated with Microsoft services running on ports 135, 137, 138, 139, 445 and 593 on both the network perimeter and VPN connections.

Speaking at Microsoft's Partner Summit in New Orleans last week, chief executive Steve Ballmer criticised security researchers and their methods of disclosing vulnerabilities early.

"These are people who discover vulnerabilities, and it's part of their job to go public with them," he said.

"What we have done over the last six months is intersect with them to make sure disclosure is done in a more responsible way. I wish these people would just be quiet, but that's not going to happen."

ISS countered that it had speeded up disclosure of the vulnerability because tools are in circulation to demonstrate the DoS condition.

source: vnunet