Blaster II, perhaps

Microsoft warns of new security holes

Only weeks after the appearance of the Blaster worm, Microsoft yesterday released a software patch for still more holes similar to those Blaster exploited.

The three new vulnerabilities are all rated "critical" and could be used by a remote attacker to take control of vulnerable systems, installing programs or changing data stored on a hard drive, Microsoft said.

The three security vulnerabilities affect the DCOM (distributed component object model) interface to a Windows component called the RPCSS service. That service processes messages using the RPC (remote procedure call) protocol, according to Microsoft security bulletin MS03-039, which describes the problem.

All of Microsoft's supported operating systems are affected, except for Windows ME (Millennium Edition), the company said.

Malicious hackers could exploit the vulnerability by creating a program to send improperly formatted RPC messages to the RPCSS service on a vulnerable machine. Those messages could cause a buffer overflow that would enable attackers to place and run their own computer code on the machine, Microsoft said.

The security holes are "very similar" to a vulnerability disclosed in July in bulletin MS03-026, according to Jeff Jones, senior director of trustworthy computing security at Microsoft.

Code to exploit that vulnerability appeared on the internet shortly after the release of the MS03-026 security bulletin. Within weeks, an internet worm using that exploit code, W32.Blaster, was released, infecting hundreds of thousands of computers worldwide.

The patch released yesterday also covers the earlier RPC hole and supersedes that earlier patch. Microsoft now recommends customers apply MS03-039 instead of the MS03-026 patch, Jones said.

To prevent a similar occurrence with the new RPC vulnerabilities, Microsoft is encouraging customers to use firewall software to block access to unnecessary communications ports such as those used by Blaster. Home users should also enable the automatic update and automatic install features on Windows XP and other Windows operating systems, which will automatically download and install the new patch, Jones said.

A special web page contains information on better securing Windows systems, he said.

For enterprise customers and others who need more technical information about the new vulnerabilities, Microsoft released an updated network scanning tool that can identify vulnerable Windows systems. The company will also host a webcast on Friday.

Microsoft doesn't know of any attacks that use the vulnerabilities, Jones said.

He declined to comment on whether current versions of the Blaster worm might be modified to exploit the new vulnerabilities.

"I don't want to speculate about different ways that people might try to exploit these vulnerabilities," he said.
