Microsoft vunerability could gain momentum.Microsoft released a security bulletin (MS03-026) describing a buffer-overflow in the Microsoft Windows RPC (Remote Procedure Call) A programming interface that allows one program to use the services of another program in a remote machine. The calling program sends a message and data to the remote program, which is executed, and results are passed back to the calling DCOM (Distributed Component Object Model) Formerly Network OLE, it is Microsoft's technology for distributed objects. DCOM is based on COM, Microsoft's component software architecture, which defines the object interfaces. interface. This vulnerability is exploitable on all non-patched Windows installations that are common these days. While recent communications have focused on perimeter exploits designed to compromise hosts through TCP ports 135, 139, and 445, Ubizen warns of deepening threats to this vulnerability, which can be exploited using UDP UDP (uridine diphosphate): see uracil. (User Datagram Protocol) A protocol within the TCP/IP protocol suite that is used in place of TCP when a reliable delivery is not required. . UDP leaves the door wide-open to spoofed source address-usage and denial-of-service worms, much like the recent SQL Slammer A worm that caused a billion dollars worth of damage on the Internet on January 25, 2003. Slammer infected computers all over the Internet by generating random IP addresses and causing the computer's buffer to overflow with its own instructions that replicate itself and start the process Worm. Once this scenario expands, the internal network, which is largely populated by Microsoft Windows-based PCs, will become the target of the worm and depending of the worms capabilities, could render the network and the PC's inoperable with potential loss of data on all un-patched Windows-systems. Ubizen is available to discuss how the threat can spread and gain www.ubizen.com |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion