DCE RPC Vulnerabilities New Attack Vectors Analysis

Dec 11, 2003 5:07AM PST

Date Published: 2003-12-10
Last Update: 2003-12-10
Advisory ID: CORE-2003-12-05
Title: DCE RPC Vulnerabilities New Attack Vectors Analysis
Remotely Exploitable: Yes
Locally Exploitable: Yes
Advisory URL: http://www.coresecurity.com/common/showdoc.php?idx=393&idxseccion=10

Vendors contacted:
- Microsoft
  . Core notification: 2003-12-09
  . Notification acknowledged by Microsoft: 2003-12-09

Release Mode: USER RELEASE

*Vulnerability Description:*

Core Security Technologies researchers discovered new attack vectors for recently published vulnerabilities in Microsoft Windows operating systems.

These new attack methods were found while researching exploitation conditions for the Workstation Service vulnerability discovered by eEye Digital Security and disclosed in Microsoft security bulletin MS03-049 of November 11th, 2003.

They might also apply to other vulnerabilities such as the DCE RPC DCOM and the Messenger service vulnerabilities addressed by bulletins MS03-001, MS03-026 and MS03-043.

We found that by combining three protocol characteristics common to the vulnerabilities mentioned, an attacker can devise more severe, stealthy and low-noise attack vectors than those originally conceived. This creates the opportunity for malicious software to compromise large numbers of vulnerable systems on a massive scale, much like the Blaster and Slammer worms that caused great damage earlier in 2003.

Core Security Technologies urges users of Microsoft Windows operating systems to deploy the available patches for these vulnerabilities as they effectively fix the problem. Suggested workarounds should be revisited to ensure that they address all currently known attack vectors properly (including the new ones disclosed in this advisory).


*Vulnerable Packages:*

Microsoft RPC services running on Windows 2000 and Windows XP.


*Solution/Vendor Information/Workaround:*

Patches are readily available to fix the vulnerabilities and close all known attack vectors.

See Microsoft Security Bulletins [MS03-001], [MS03-026], [MS03-043], [MS03-049]:

http://www.microsoft.com/technet/security/bulletin/MS03-001.asp
http://www.microsoft.com/technet/security/bulletin/MS03-026.asp
http://www.microsoft.com/technet/security/bulletin/MS03-043.asp
http://www.microsoft.com/technet/security/bulletin/MS03-049.asp

http://www.securityfocus.com/advisories/6163