ESecurityGuy
USER: Visitor
PRINT PAGE
Home > Free Security Articles > Resource Articles > Critical Windows Vulnerabilities November 18, 2017


Free Newsletter
Free Security Articles
Free Security Software
Free Security Tools

Security News

Feedback Form

Site Map


Username

Password

Click here to register.

Critical Vulnerabilities for Businesses Using Microsoft Windows

There are two critical vulnerabilities for businesses using Microsoft Windows. Both vulnerabilities affect Microsoft's Remote Procedure Call implementation. Specific systems affected are:

  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0 Terminal Services Edition
  • Microsoft Windows 2000
  • Microsoft Windows XP
  • Microsoft Windows Server 2003
  • Various Nortel Networks Systems

Root Exploit

The first exploit allows an attacker to gain complete control over the system. Programs have been written to exploit this vulnerability, and include code that allows the installation of a "Back Door," which allows continued control and monitoring of a compromised system.

Denial of Service

The second exploit is said to also allow compromise of a system. Microsoft claims that it should only cause a "Denial of Service." Denial of Service (or DOS) attacks render affected computers unusable.

What to do?

  • Block remote access to
    • TCP/UDP Port 135
    • TCP/UDP Port 139
    • TCP/UDP Port 445
  • Install Microsoft's patch described in Bulletin MS03-026

Concerns

The security community sees these vulnerabilities as potentially worse than January 2003's the Sapphire/Slammer Worm which infected 90 percent of vulnerable hosts within 10 minutes of its release. It interfered with ATMs, airlines, elections and general business operations, costing businesses more than $1 billion in its first five days.

Even though firewalls can close access from external hackers, businesses are still vulnerable. Internal employees, which account for the majority of security compromises, and already compromised machines can still exploit the vulnerabilities. Only a multi-tiered security defense system can provide proper protection.

See Also

View Responses (0) Post Response



Free Computer Security Newsletter
Your email address:

Your name:

Listen to Craig on ClearChannel radio every Saturday from 6 to 9am on WGIR, WGIP and WGIN. Visit WGIR

Copyright 2003- 2007 DGKL, Inc. PRINT PAGE