[Driftstörning] Fwd: ISS Security Brief: Multiple Vulnerabilities in Microsoft RPC Service

Gunnar Lindberg lindberg at cdg.chalmers.se
Thu Sep 11 07:55:33 CEST 2003


Sorry to add more stones to an already heavy burden.

Runda bordet has just received a copy from another source; <netinfo>
should also be informed. New MS patches for/against the RPC problem.

I don't think anyone has missed the increase in the number of
compromised systems now after the summer, because it is fairly
dramatic. No one can say whether it is due to this kind of flaw and to
many not having applied the necessary patches quickly enough, but
unfortunately that may be the case.

Unfortunately it may also be the case that loopholes/backdoors are
already installed and so remain in place regardless of new patches.
The patches should therefore be complemented with a review of each
machine - if it has services running that should not be there
(open/active ports), they must be shut down and any backdoor programs
removed.

IRT <abuse at chalmers.se> is happy to help look for services
by "scanning" machines using "nmap"

	Gunnar Lindberg, IRT

>From alert-admin at iss.net  Wed Sep 10 20:26:00 2003
>Message-Id: <200309101710.h8AHAOj06595 at ra.iss.net>
>To: alert at iss.net
>From: X-Force <xforce at iss.net>
>Subject: ISS Security Brief: Multiple Vulnerabilities in Microsoft RPC Service
>Date: Wed, 10 Sep 2003 13:10:24 -0400 (EDT)

>-----BEGIN PGP SIGNED MESSAGE-----

>Internet Security Systems Security Brief
>September 10, 2003

>Multiple Vulnerabilities in Microsoft RPC Service

>Synopsis:

>Microsoft has released a security bulletin (MS03-039) detailing three
>distinct vulnerabilities in the Windows RPC (Remote Procedure Call)
>functionality. One of the vulnerabilities disclosed is a denial of
>service condition, or DoS. The additional two vulnerabilities are buffer
>overflow vulnerabilities, and are significantly more serious in nature.

>Impact:

>The flaws described in this advisory are similar in nature and scope to
>the flaw described in Microsoft Security Bulletin MS03-026, and the ISS
>Security Alert titled, "Flaw in Microsoft Windows RPC Implementation".
>The new DoS vulnerability was disclosed by a hacking group in China on
>July 25, 2003, and functional exploit code is already in use on the
>Internet. The additional two new issues may allow remote attackers to
>compromise and gain complete control of vulnerable systems. 

>The MS Blast and Nachi worms propagated via the vulnerabilities disclosed
>in MS03-26, and X-Force believes that there is significant potential for
>the creation and propagation of a serious Internet worm that exploits one
>or both of the newly disclosed RPC vulnerabilities.

>For the complete ISS X-Force Security Alert, please visit:
>http://xforce.iss.net/xforce/alerts/id/152
