Stop the latest M$ exploit worm virus thing before it kills your machine...

[StuartD]

They say it's the "worst expoit in history" so read up and stop it now while you can.
What does this worm let the attacker do? "Let's attacker run code of their choice"... so ya know that's not good.

IMPACT
The recently announced Remote Procedure Call (RPC) vulnerability in computers running Microsoft Windows operating systems listed above could be exploited to allow the execution of arbitrary code or could cause a denial of service state in an unprotected computer. Because of the significant percentage of Internet-connected computers running Windows operating systems and using high speed connections (DSL or cable for example), the potential exists for a worm or virus to propagate rapidly across the Internet carrying payloads that might exploit other known vulnerabilities in switching devices, routers, or servers.

DETAILS
There is a vulnerability in the part of RPC that deals with message exchange over TCP/IP. The vulnerability results from the handling of malformed messages. This particular vulnerability affects a Distributed Component Object Model (DCOM) interface with RPC, which listens on RPC enabled ports. This interface handles DCOM object activation requests that are sent by client machines (such as Universal Naming Convention (UNC) paths) to the server. An attacker who successfully exploited this vulnerability would be able to run code with local system privileges on an affected system. The attacker would be able to take any action on the system, including installing programs, viewing changing or deleting data, or creating new accounts with full privileges.

RECOMMENDATION
Due to the seriousness of the RPC vulnerability, DHS and Microsoft encourage system administrators and computer owners to take this opportunity to update vulnerable versions of Microsoft Windows operating systems as soon as possible. Microsoft updates, workarounds, and additional information are available at http://microsoft.com/technet/treevie...n/MS03-026.asp

DHS and Microsoft further suggest that Internet Service Providers and network administrators consider blocking TCP and UDP ports 135, 139, and 445 for inbound connections unless absolutely needed for business or operational purposes.

Source Department of Homeland Security

[wsjb78]

Quote:

Originally posted by StuartD
They say it's the "worst expoit in history" so read up and stop it now while you can.

Don't they say this always?

Anyway, thx for the info Stuart. I just blocked those ports!

[StuartD]

Quote:

Originally posted by wsjb78
Don't they say this always?

Anyway, thx for the info Stuart. I just blocked those ports!

yeah well, the last time they said it was Code Red, and they were right... but that was only for win2k/nt servers...
this one is for xp as well, which kinda hits more at home.

Also, Code Red's only purpose was to propogate. This one will let an attacker run any command or code they want on your machine.

So on a grand scale... Code Red had more limits than this one.