Critical Vulnerabilities for Businesses Using Microsoft Windows
There are two critical vulnerabilities for businesses using Microsoft
Windows. Both vulnerabilities affect Microsoft's Remote Procedure
Call implementation. Specific systems affected are:
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 Terminal Services Edition
- Microsoft Windows 2000
- Microsoft Windows XP
- Microsoft Windows Server 2003
- Various Nortel Networks Systems
Root Exploit
The first exploit allows an attacker to gain complete control over the
system. Programs have been written to exploit this vulnerability, and
include code that allows the installation of a "Back Door," which
allows continued control and monitoring of a compromised system.
Denial of Service
The second exploit is said to also allow compromise of a system.
Microsoft claims that it should only cause a "Denial of Service."
Denial of Service (or DoS) attacks render affected computers unusable.
What to do?
- Block remote access to:
  - TCP/UDP Port 135
  - TCP/UDP Port 139
  - TCP/UDP Port 445
- Install Microsoft's patch described in Bulletin MS03-026
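One way to confirm that the port blocks listed above are actually in effect is sketched below. This is an added example, not part of the original advisory. It assumes the perimeter firewall is a Linux host whose rules can be dumped with iptables-save; the function names and the sample ruleset are constructed for illustration.

```python
import re

# Protocol/port pairs the advisory says to block from remote access.
REQUIRED = {(proto, port) for proto in ("tcp", "udp") for port in (135, 139, 445)}

def rule_ports(rule):
    """Destination ports a rule matches, or None when it matches any port."""
    m = re.search(r"--dports?\s+(\S+)", rule)
    if not m:
        return None
    ports = set()
    for part in m.group(1).split(","):      # multiport list: 135,139,445
        lo, _, hi = part.partition(":")     # range: 135:139
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def exposed(rules_text, chain="FORWARD"):
    """Required (proto, port) pairs that new connections can still reach."""
    # Simplification (assumption): only protocol, destination port and
    # connection state are evaluated; source, interface and '!' negation
    # qualifiers are ignored.
    verdict, policy = {}, "ACCEPT"
    for line in map(str.strip, rules_text.splitlines()):
        m = re.match(r":(\S+)\s+(\S+)", line)
        if m and m.group(1) == chain:
            policy = m.group(2)             # chain default, e.g. ":FORWARD DROP [0:0]"
        if not line.startswith(f"-A {chain} "):
            continue
        target = re.search(r"-j\s+(ACCEPT|DROP|REJECT)\b", line)
        state = re.search(r"--(?:ct)?state\s+(\S+)", line)
        if not target or (state and "NEW" not in state.group(1).split(",")):
            continue                        # no verdict, or not for new connections
        proto = re.search(r"-p\s+(\S+)", line)
        ports = rule_ports(line)
        for pair in REQUIRED:
            if proto and proto.group(1) not in (pair[0], "all"):
                continue
            if ports is None or pair[1] in ports:
                verdict.setdefault(pair, target.group(1))  # first match wins
    return sorted(p for p in REQUIRED if verdict.get(p, policy) == "ACCEPT")

# Constructed sample ruleset, not taken from any real firewall.
SAMPLE = """\
:FORWARD ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -m multiport --dports 135,139,445 -j DROP
-A FORWARD -p udp -m udp --dport 135:139 -j DROP
-A FORWARD -p udp -m udp --dport 445 -j ACCEPT
"""
print(exposed(SAMPLE))  # the UDP 445 rule leaves one required block missing
```

An empty result means every listed protocol and port pair is dropped or rejected for new connections on that chain.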
Concerns
The security community sees these vulnerabilities as potentially
worse than January 2003's Sapphire/Slammer Worm, which infected
90 percent of vulnerable hosts within 10 minutes of its release.
It interfered with ATMs, airlines, elections and general business
operations, costing businesses more than $1 billion in its first
five days.
Even though firewalls can close access from external hackers,
businesses are still vulnerable. Internal employees, who account
for the majority of security compromises, and already compromised
machines can still exploit the vulnerabilities. Only a multi-tiered
security defense system can provide proper protection.