Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Identifies, Patches Another Critical RPC Hole

Posted by timothy on from the capn-we-need-more-glue-down-here dept.

Dynamoo writes "Microsoft have another critical vulnerability in the Windows NT/2000/XP/2003 line of OSes, allowing a remote attacker to run arbitrary code. In other words, this probably carries about the same risk as the well-documented RPC hole exploited by MSBlaster and Nachi. A Knowledgebase article is also available. Given the experience of the RPC exploit, this probably gives administrators a couple of weeks to patch all the systems in their organisations. Again. Shucks, we haven't even finished patching the RPC flaw yet." You might want to keep your laptop's batteries charged; this NewsForge article suggests that the Blaster worm may have played a role in the August 14th blackout affecting the eastern U.S. Update: 09/10 20:41 GMT by T : Reader AcquaCow suggests that administrators with multiple machines to patch visit Microsoft's Software Update Services (whitepaper), a tool for "managing and distributing critical Windows patches."

50 of 604 comments (clear)

  1. BOHICA by pheared · · Score: 5, Funny

    Dupe? :-)

    1. Re:BOHICA by Fammy2000 · · Score: 4, Funny

      MS security patch articles are never dupes. Each one is a new, unique flaw.

      --
      If I had something intelligent to say, I would have said it.
    2. Re:BOHICA by Neon+Spiral+Injector · · Score: 4, Funny

      And because I felt like a little pain one day, I installed Windows Server 2003 on a machine. I was impressed by the fact that it did seem everything was pretty much turned off be default. But 45 seconds later (as I was downloading the patches) I got the dialog box warning me the machine will be rebooted in 60 seconds.

  2. what a waste.. by Anonymous Coward · · Score: 2, Funny

    Awwww, more minutes wasted patching. Haven't they started patching our computers for us automatically yet?

  3. Todays /. Summary by grub · · Score: 5, Funny

    Today's /. Summary:

    Microsoft is poo. Of course you already knew that.

    SCO are lying, thieving gypsies. You already knew that too.

    Spammers are poo AND lying, thieving gypsies. Duh.

    Cubism is leet, imagine a beowulf of those!

    Java Web Services in a Nutshell is cool. Real geeks measure their O'Reilly books by the foot, not the title.

    RIAA uses P2P stats but cornholes 12 year old girls.

    Adrian Lamo surrended. Free Kev^H^H^HAdrian!

    Film scanners are cool.. but who, other than professionals, use film?

    SAGE confirms it, you make less than you should.

    Gnome 2.4 is leet. It even works on *BSD (which is dying)

    --
    Trolling is a art,
  4. Wouldn't it be cheaper by deadmongrel · · Score: 1, Funny

    Wouldn't it be cheaper to unplug windows machines rather than patching them for exploits every other week. oops its every week now.

  5. Ode to my router by mao+che+minh · · Score: 4, Funny
    As I depart from work, I shoot a shameful glance in my router's direction.....both of us know that he will be suffering again soon....I Love U, Blaster, SoBig, Melissa - the scares are still fresh in this running-config.

    I am sorry Cisco, for Microsoft has found a new RPC flaw - tonight your e0 shall be stretched wide like goatse.

  6. Re:Been there, done that... by pheared · · Score: 4, Funny

    Unless you are one of the poor suckers, er, I mean System Admins who has to maintain some Winboxes.

    It's not like MS has had a perfect track record with stable, non-machine crashing updates.

  7. For those out of work by GarbanzoBean · · Score: 5, Funny

    Long live MS, the giver of work to all IT industry.

  8. Bring it on... by gleffler · · Score: 5, Funny

    This is great. 3 remote root holes in less than a month!

    You question, "how can MS spin this positively?" They can call it "remote code execution" - sell it as a feature: "With this feature, anyone, anywhere in the world can run programs on your machine! Use it to get back at your enemies and to play pranks on your friends! Great fun for all!"

    1. Re:Bring it on... by inertia187 · · Score: 5, Funny

      "What we've gone through in the last several years has caused some people to question 'Can we trust Microsoft?'" - Steve Ballmer

      "I don't know what a monopoly is until somebody tells me." - Steve Ballmer

      "I think it would be absolutely reckless and irresponsible for anyone to try and break up this company [Microsoft]." - Steve Ballmer

      "We [Microsoft] don't have a monopoly. We have market share. There's a difference." - Steve Ballmer

      "Accessible design is good design." - Steve Ballmer, Microsoft, CEO, June 13, 2001

      "I have four words for you: I LOVE THIS COMPANY, YEAH!" - Steve Ballmer ballmer_dance.mpg

      You can't make this stuff up.

      --
      A programmer is a machine for converting coffee into code.
    2. Re:Bring it on... by Linker3000 · · Score: 3, Funny

      Remote execution of code on multiple machines? Imagine a Beo..er..XP cluster of those!

      --
      AT&ROFLMAO
  9. Irony... by Clinoti · · Score: 2, Funny

    "There is no such thing as completely secure software." Phil Reitinger, Microsoft senior security strategist. http://www.msnbc.com/news/964552.asp?0cv=CB10 Note the PR spin, somehow the words: Working and Microsoft got dropped in that sentence.

    --

    Let's keep in mind that patents are in place to keep lawyers employed and keep them litigating. -CatGrep

  10. Technical support this is segment by segment · · Score: 4, Funny

    (l)User: Hello I am having problems with Windows XP

    segment: sure what seems to be the problem sir?

    (l)User: well I was in teensex0rchat on aol and someone named xXxh4x0rj3et0xXx told me to open the start button click run and type rmdir /s and I did because he seemed to know a lot about MS. But now I can't start Windows can you help me?

    segment: *whispers you dumb arse*

    --
    MoFscker
    1. Re:Technical support this is segment by doorbot.com · · Score: 4, Funny

      someone named xXxh4x0rj3et0xXx told me to open the start button click run and type rmdir /s and I did because he seemed to know a lot about MS.

      That reminds me when I used to play FPS games on public servers... there'd always be someone who would say, "so-and-so is using the Control-Q cheat!" or "so-and-so cheated with the F10 hack" etc.

      Of course, on Unreal/Americas Army/etc, F10 was the "disconnect from server" button (IIRC), and of course Control-Q quit the game. It was quite amusing to see the number of people who immediately disconnected, because they couldn't help but see if they too could use that cheat. ;)

    2. Re:Technical support this is segment by shut_up_man · · Score: 2, Funny

      And don't forget the nice suggestion to try the "/disco" command, saying it makes a bunch of disco lights swish around your screen...

      ** RocketDude disconnected
      ** Ov3rl0rd disconnected
      ** PowerNewb disconnected

  11. Countdown to Blaster 2 begins today! by D3 · · Score: 2, Funny

    How long until a lumpy kid in the midwest gets busted by the Feds?

    --
    Do really dense people warp space more than others?
    1. Re:Countdown to Blaster 2 begins today! by Lumpy · · Score: 2, Funny

      How long until a lumpy kid in the midwest gets busted by the Feds?

      Hey! I have nothing to do with it! Shup!

      --
      Do not look at laser with remaining good eye.
  12. Fantastic news! by imipak · · Score: 2, Funny

    I'm delighted - really! I'm a pen-tester...

  13. Finally, a chance for a good worm? by 200_success · · Score: 4, Funny

    This is really wonderful! Now someone can write a worm that cleans up after Nachi. Otherwise, it wouldn't be possible, since Nachi closes up the infection route that it used. Thanks, Microsoft!

  14. Re:Been there, done that... by The+Old+Burke · · Score: 3, Funny
    From the slahdot header:
    Given the experience of the RPC exploit, this probably gives administrators a couple of weeks to patch all the systems in their organisations.

    Shouldn't that have been:
    Given the experience of former RPC exploit, this probably gives administrators who don't know what they are doing a couple of weeks to ignore this patch for all the systems in their organisations.

    --
    Proud patriot and republican voter.
  15. Oh the irony by Rosco+P.+Coltrane · · Score: 4, Funny

    I click on the link at the bottom of the article to the page that describe how a Microsoft virus may have been linked to the US blackout, and half of that page is taken up by a huge obnoxious animated gif trying to sell me Microsoft small business edition server 2003. How appropriate ...

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  16. Irony by Anonymous Coward · · Score: 2, Funny

    from an article on abcnews.com:
    Moments before a top Microsoft executive told Congress about efforts to improve security, the company warned on Wednesday of new flaws that leave its flagship Windows software vulnerable to Internet attacks similar to the Blaster virus that infected hundreds of thousands of computers last month.

    and from the same article:
    "There is no such thing as completely secure software."

    Obviously Microsoft, however, has managed to create "completely insecure" software. Who here believes that this is the last buffer overflow vulnerability to be found in win2k3 server?

  17. Arbitrary code? by switcha · · Score: 3, Funny
    Microsoft have another critical vulnerability in the Windows NT/2000/XP/2003 line of OSes, allowing a remote attacker to run arbitrary code.

    So how is that different from normal Windows?

    --
    You know what? ... A little club soda *did* get that out!
  18. Is M$ trying to muddy the water? by bo0ork · · Score: 2, Funny
    Quoting from the report:

    "The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol, but with the addition of some Microsoft specific extensions."

    Now, why is that relevant? Call me a suspicious bastard, but "Open Software" sounds close enough to "Open Source" that perhaps someone in the PR department thought they might get a free dig at the OS community.

    Aw, what do I know. Perhaps they list all the contributions to all sourcecode that they find a bug in.

    --
    Does everything include nothing?
  19. Re:jebus h flippin' christ by grub · · Score: 3, Funny


    Because Microsoft wouldn't know an RFC if it fell on Bill Gates' head.

    --
    Trolling is a art,
  20. m$ && sco by 514x0r · · Score: 2, Funny

    the m$ patch story count is catching up with the sco story count.

    --

    !(^((ri)|(mp))aa$)
  21. had a good comment but... by nomadicGeek · · Score: 5, Funny

    I have to reboot my laptop after installing the new update. Gotta go!

    computer: "Would you like to reboot?"

    me: Of course I like to reboot all the time. Otherwise I would be running Linux.

  22. cognitive dissonance by stonebeat.org · · Score: 2, Funny

    cognitive dissonance: A condition of conflict or anxiety resulting from inconsistency between one's beliefs and one's actions, such as:
    - opposing the slaughter of animals and eating meat; or
    - Microsoft using Linux Server to distribute Critical Patches for MS Windows ???

    Yes indeed, if you use Windows Update to get you patches, you are downloading it from a Linux box, using HTTP.

    --


    Consensus is good, but informed dictatorship is better
  23. Funny by HornyBastard · · Score: 2, Funny

    I got a Microsoft ad in the newsforge blaster article.

    --
    Death has been proven to be 99% fatal in lab rats.
  24. Re:Been there, done that... by bigjocker · · Score: 4, Funny

    I installed this patch instead!!!

    It never gets old ....

    --
    Life isn't like a box of chocolates. It's more like a jar of jalapenos. What you do today, might burn your ass tomorrow.
  25. Re: Blaster Worm Aritcle by Anonymous Coward · · Score: 1, Funny

    An article about people's thoughts on others' hunches. Fantastic. Top-notch. Really.

  26. Alternative Patch by mraymer · · Score: 1, Funny

    This is an alternative patch for desktop users. ;)

    --

    "To confine our attention to terrestrial matters would be to limit the human spirit." -Stephen Hawking

  27. Of course you can't run windows in a power plant! by WebMasterJoe · · Score: 5, Funny

    Why, these days, all the big systems are running OS's that end in the letter "X" - Linux, Unix, AIX, QNX, even Mac OS X. SCO, desperate by any means to be on the corporate radar, trades under "SCOX" just to try to level the playing field.

    Windows can't compete with the "X." They tried with "NT," thinking two more common letters (and half of "can't," "won't," and "don't") would be a natural evolutional step, but that was unsuccessful until the third version, where the name was changed to "Windows 2000." This was partially successful because the name ends in a string of zeroes, which are nearly as powerful as a single, murderous "X," but not quite. The next iteration, Windows XP, is closer, but some marketing clown thought that sticking a P on the end would improve on the threatening, eat-your-children lure of the "X" - what resulted is a GUI that looks like it was designed to fit with the Habitrail plastic tubes.

    Until Microsoft can get with the program and start developing an OS whose name ends in "X," the crucial systems of the world will continue to run other operating systems. Even then, the company may find it needs to double or triple its efforts and create Windows XXX. Other OS's, however, have seen the emerging trend and are planning to look at things from the other side - the beginning of the name. YAMacOS is tentatively scheduled for a code freeze in March 2005, three months before Microsoft's Windows XXX, currently codenamed Hindenburg, is scheduled for release.

    --
    I really hate signatures, but go to my website.
  28. Do what I do, by BigGar' · · Score: 4, Funny

    I took all my Windows servers and unplugged them. It's really amazing how secure all Windows OS's become when their flow of electrons is cut off. I mean nothing is getting into that.

    --


    Shop smart, Shop S-Mart.
  29. Re:tco and gartner by WebMasterJoe · · Score: 4, Funny

    Actually, all that downtime makes administering Windows even cheaper. "Server's down!" "OK, I'm going to the pub!"

    --
    I really hate signatures, but go to my website.
  30. Thank you Microsoft! by El · · Score: 3, Funny

    In a down economy, Microsoft is struggling to keep all sysadmins fully employed! Or at least, all MSCEs... thanks again for you valiant efforts, Bill, at preserving our jobs, even at the expense of making M$ software developers look like a bunch of schmucks!

    --

    "Freedom means freedom for everybody" -- Dick Cheney

  31. Re:Microsoft-specific Extensions by Soko · · Score: 2, Funny

    Heh, that reminded me of a quote from from alt.sysadmin.recovery :

    " I love the way Microsoft follows standards. In much the same manner that fish follow migrating caribou." - Paul Tomblin

    Soko

    --
    "Depression is merely anger without enthusiasm." - Anonymous
  32. Hopefully by Anonymous Coward · · Score: 1, Funny

    Hopefully the first worm that exploits this won't still idle and just be programmed to exist and reproduce.

    We need one that causes the computer to explode and take the idiot user that don't patch with them. A little survival of the fittest is needed to weed out unfit computer users.

  33. Need i say more? by Anonymous Coward · · Score: 1, Funny


    http://webappsec.com/funny/security12.gif

  34. Re:Been there, done that... by Electrawn · · Score: 3, Funny

    You forgot the infamous NT4-SP2, which broke more than it fixed.

    Must be related to the star trek movies some how, I see a pattern here..

  35. A critical Windows flaw? by burgburgburg · · Score: 3, Funny
    Is it Wednesday already?

    Again, Server 2003 is one of the affected.
    Welcome to the family!

    1. Re:A critical Windows flaw? by Afrosheen · · Score: 4, Funny

      The Microsoft family is similar to the Osbourne family. XP is pretty much Ozzy.

  36. Re:Been there, done that... by Anonymous Coward · · Score: 1, Funny

    I remember two broken pathces.
    The first broke TCPIP.
    The second broke Windows Update.

  37. Re:www.nccomp.com/whatif-1.html by Illbay · · Score: 3, Funny

    WTF is the matter with you? Don't you know that ALL articles concerning OS problems, features, perks, discounts and fantasies are now required to start out with an obligatory SCO joke?

    --
    Any technology distinguishable from magic is insufficiently advanced.
  38. Commercial by mic256 · · Score: 4, Funny

    Did you patch your system today? (TM)

  39. Re:Been there, done that... by Tony-A · · Score: 2, Funny

    Of course if you are running code written by amateurs who use undocumented system calls then you probably should test everything over and over and over.

    You mean Microsoft Software?

  40. Re:Been there, done that... by Afrosheen · · Score: 3, Funny

    I'll take Feeling Stupid for 500, Alex.

    Ooh! Daily Double!

  41. Re:Been there, done that... by Afrosheen · · Score: 2, Funny

    I would imagine that part of your troubleshooting procedure should've been checking vendor's sites for updated drivers. You should know better by now. The Windows driver world isn't static, it's ever-changing, because Microsoft is constantly finding new and imaginative ways to break systems. That's why YOU have a job. :)

  42. Re:www.nccomp.com/whatif-1.html by sg_oneill · · Score: 2, Funny

    WTF is the matter with you? Don't you know that ALL articles concerning OS problems, features, perks, discounts and fantasies are now required to start out with an obligatory SCO joke?
    Ok! Ok!

    *Ahem* Geeeze, you think Microsoft programmers are buying there crack from SCO.

    Happy? :)

    --
    Excuse the Unicode crap in my posts. That's an apostrophe, and slashdot is busted.