Windows flaw could allow denial of service attacks

A security bug in a network function of Windows NT 4, 2000 and XP can expose computers running those operating systems to a denial of service attack, Microsoft Corp. warned.

The flaw lies in Microsoft’s implementation of a protocol called RPC (Remote Procedure Call) that allows applications on a computer to call applications on another computer in a network. An attack on the RPC service could cause the networking services on the system to fail, Microsoft said in a security bulletin Wednesday. The bulletin can be found online at www.microsoft.com/technet/

security/bulletin/MS03-010.asp.

An attack would be carried out by sending a malformed request to the RPC endpoint mapper, a service that holds connection information on all RPC processes on that machine. The mapper listens on TCP/IP (Transmission Control Protocol/Internet Protocol) port 135, generally accessible from within a company network, but typically blocked for external traffic by a firewall, mitigating the risk of an attack from the Internet, Microsoft said.

A patch to fix the problem is available for Windows 2000 and Windows XP, but there is no patch for Windows NT 4.0 because of major changes in the RPC software since the release of Windows NT 4.0, according to Microsoft. Windows NT 4.0 users should install a firewall and filter traffic on port 135, the vendor said.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now