Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Identifies, Patches Another Critical RPC Hole

Posted by timothy on from the capn-we-need-more-glue-down-here dept.

Dynamoo writes "Microsoft have another critical vulnerability in the Windows NT/2000/XP/2003 line of OSes, allowing a remote attacker to run arbitrary code. In other words, this probably carries about the same risk as the well-documented RPC hole exploited by MSBlaster and Nachi. A Knowledgebase article is also available. Given the experience of the RPC exploit, this probably gives administrators a couple of weeks to patch all the systems in their organisations. Again. Shucks, we haven't even finished patching the RPC flaw yet." You might want to keep your laptop's batteries charged; this NewsForge article suggests that the Blaster worm may have played a role in the August 14th blackout affecting the eastern U.S. Update: 09/10 20:41 GMT by T : Reader AcquaCow suggests that administrators with multiple machines to patch visit Microsoft's Software Update Services (whitepaper), a tool for "managing and distributing critical Windows patches."

29 of 604 comments (clear)

  1. BOHICA by pheared · · Score: 5, Funny

    Dupe? :-)

    1. Re:BOHICA by Fammy2000 · · Score: 4, Funny

      MS security patch articles are never dupes. Each one is a new, unique flaw.

      --
      If I had something intelligent to say, I would have said it.
    2. Re:BOHICA by Neon+Spiral+Injector · · Score: 4, Funny

      And because I felt like a little pain one day, I installed Windows Server 2003 on a machine. I was impressed by the fact that it did seem everything was pretty much turned off be default. But 45 seconds later (as I was downloading the patches) I got the dialog box warning me the machine will be rebooted in 60 seconds.

  2. Todays /. Summary by grub · · Score: 5, Funny

    Today's /. Summary:

    Microsoft is poo. Of course you already knew that.

    SCO are lying, thieving gypsies. You already knew that too.

    Spammers are poo AND lying, thieving gypsies. Duh.

    Cubism is leet, imagine a beowulf of those!

    Java Web Services in a Nutshell is cool. Real geeks measure their O'Reilly books by the foot, not the title.

    RIAA uses P2P stats but cornholes 12 year old girls.

    Adrian Lamo surrended. Free Kev^H^H^HAdrian!

    Film scanners are cool.. but who, other than professionals, use film?

    SAGE confirms it, you make less than you should.

    Gnome 2.4 is leet. It even works on *BSD (which is dying)

    --
    Trolling is a art,
  3. Ode to my router by mao+che+minh · · Score: 4, Funny
    As I depart from work, I shoot a shameful glance in my router's direction.....both of us know that he will be suffering again soon....I Love U, Blaster, SoBig, Melissa - the scares are still fresh in this running-config.

    I am sorry Cisco, for Microsoft has found a new RPC flaw - tonight your e0 shall be stretched wide like goatse.

  4. Re:Been there, done that... by pheared · · Score: 4, Funny

    Unless you are one of the poor suckers, er, I mean System Admins who has to maintain some Winboxes.

    It's not like MS has had a perfect track record with stable, non-machine crashing updates.

  5. For those out of work by GarbanzoBean · · Score: 5, Funny

    Long live MS, the giver of work to all IT industry.

  6. Bring it on... by gleffler · · Score: 5, Funny

    This is great. 3 remote root holes in less than a month!

    You question, "how can MS spin this positively?" They can call it "remote code execution" - sell it as a feature: "With this feature, anyone, anywhere in the world can run programs on your machine! Use it to get back at your enemies and to play pranks on your friends! Great fun for all!"

    1. Re:Bring it on... by inertia187 · · Score: 5, Funny

      "What we've gone through in the last several years has caused some people to question 'Can we trust Microsoft?'" - Steve Ballmer

      "I don't know what a monopoly is until somebody tells me." - Steve Ballmer

      "I think it would be absolutely reckless and irresponsible for anyone to try and break up this company [Microsoft]." - Steve Ballmer

      "We [Microsoft] don't have a monopoly. We have market share. There's a difference." - Steve Ballmer

      "Accessible design is good design." - Steve Ballmer, Microsoft, CEO, June 13, 2001

      "I have four words for you: I LOVE THIS COMPANY, YEAH!" - Steve Ballmer ballmer_dance.mpg

      You can't make this stuff up.

      --
      A programmer is a machine for converting coffee into code.
    2. Re:Bring it on... by Linker3000 · · Score: 3, Funny

      Remote execution of code on multiple machines? Imagine a Beo..er..XP cluster of those!

      --
      AT&ROFLMAO
  7. Technical support this is segment by segment · · Score: 4, Funny

    (l)User: Hello I am having problems with Windows XP

    segment: sure what seems to be the problem sir?

    (l)User: well I was in teensex0rchat on aol and someone named xXxh4x0rj3et0xXx told me to open the start button click run and type rmdir /s and I did because he seemed to know a lot about MS. But now I can't start Windows can you help me?

    segment: *whispers you dumb arse*

    --
    MoFscker
    1. Re:Technical support this is segment by doorbot.com · · Score: 4, Funny

      someone named xXxh4x0rj3et0xXx told me to open the start button click run and type rmdir /s and I did because he seemed to know a lot about MS.

      That reminds me when I used to play FPS games on public servers... there'd always be someone who would say, "so-and-so is using the Control-Q cheat!" or "so-and-so cheated with the F10 hack" etc.

      Of course, on Unreal/Americas Army/etc, F10 was the "disconnect from server" button (IIRC), and of course Control-Q quit the game. It was quite amusing to see the number of people who immediately disconnected, because they couldn't help but see if they too could use that cheat. ;)

  8. Finally, a chance for a good worm? by 200_success · · Score: 4, Funny

    This is really wonderful! Now someone can write a worm that cleans up after Nachi. Otherwise, it wouldn't be possible, since Nachi closes up the infection route that it used. Thanks, Microsoft!

  9. Re:Been there, done that... by The+Old+Burke · · Score: 3, Funny
    From the slahdot header:
    Given the experience of the RPC exploit, this probably gives administrators a couple of weeks to patch all the systems in their organisations.

    Shouldn't that have been:
    Given the experience of former RPC exploit, this probably gives administrators who don't know what they are doing a couple of weeks to ignore this patch for all the systems in their organisations.

    --
    Proud patriot and republican voter.
  10. Oh the irony by Rosco+P.+Coltrane · · Score: 4, Funny

    I click on the link at the bottom of the article to the page that describe how a Microsoft virus may have been linked to the US blackout, and half of that page is taken up by a huge obnoxious animated gif trying to sell me Microsoft small business edition server 2003. How appropriate ...

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  11. Arbitrary code? by switcha · · Score: 3, Funny
    Microsoft have another critical vulnerability in the Windows NT/2000/XP/2003 line of OSes, allowing a remote attacker to run arbitrary code.

    So how is that different from normal Windows?

    --
    You know what? ... A little club soda *did* get that out!
  12. Re:jebus h flippin' christ by grub · · Score: 3, Funny


    Because Microsoft wouldn't know an RFC if it fell on Bill Gates' head.

    --
    Trolling is a art,
  13. had a good comment but... by nomadicGeek · · Score: 5, Funny

    I have to reboot my laptop after installing the new update. Gotta go!

    computer: "Would you like to reboot?"

    me: Of course I like to reboot all the time. Otherwise I would be running Linux.

  14. Re:Been there, done that... by bigjocker · · Score: 4, Funny

    I installed this patch instead!!!

    It never gets old ....

    --
    Life isn't like a box of chocolates. It's more like a jar of jalapenos. What you do today, might burn your ass tomorrow.
  15. Of course you can't run windows in a power plant! by WebMasterJoe · · Score: 5, Funny

    Why, these days, all the big systems are running OS's that end in the letter "X" - Linux, Unix, AIX, QNX, even Mac OS X. SCO, desperate by any means to be on the corporate radar, trades under "SCOX" just to try to level the playing field.

    Windows can't compete with the "X." They tried with "NT," thinking two more common letters (and half of "can't," "won't," and "don't") would be a natural evolutional step, but that was unsuccessful until the third version, where the name was changed to "Windows 2000." This was partially successful because the name ends in a string of zeroes, which are nearly as powerful as a single, murderous "X," but not quite. The next iteration, Windows XP, is closer, but some marketing clown thought that sticking a P on the end would improve on the threatening, eat-your-children lure of the "X" - what resulted is a GUI that looks like it was designed to fit with the Habitrail plastic tubes.

    Until Microsoft can get with the program and start developing an OS whose name ends in "X," the crucial systems of the world will continue to run other operating systems. Even then, the company may find it needs to double or triple its efforts and create Windows XXX. Other OS's, however, have seen the emerging trend and are planning to look at things from the other side - the beginning of the name. YAMacOS is tentatively scheduled for a code freeze in March 2005, three months before Microsoft's Windows XXX, currently codenamed Hindenburg, is scheduled for release.

    --
    I really hate signatures, but go to my website.
  16. Do what I do, by BigGar' · · Score: 4, Funny

    I took all my Windows servers and unplugged them. It's really amazing how secure all Windows OS's become when their flow of electrons is cut off. I mean nothing is getting into that.

    --


    Shop smart, Shop S-Mart.
  17. Re:tco and gartner by WebMasterJoe · · Score: 4, Funny

    Actually, all that downtime makes administering Windows even cheaper. "Server's down!" "OK, I'm going to the pub!"

    --
    I really hate signatures, but go to my website.
  18. Thank you Microsoft! by El · · Score: 3, Funny

    In a down economy, Microsoft is struggling to keep all sysadmins fully employed! Or at least, all MSCEs... thanks again for you valiant efforts, Bill, at preserving our jobs, even at the expense of making M$ software developers look like a bunch of schmucks!

    --

    "Freedom means freedom for everybody" -- Dick Cheney

  19. Re:Been there, done that... by Electrawn · · Score: 3, Funny

    You forgot the infamous NT4-SP2, which broke more than it fixed.

    Must be related to the star trek movies some how, I see a pattern here..

  20. A critical Windows flaw? by burgburgburg · · Score: 3, Funny
    Is it Wednesday already?

    Again, Server 2003 is one of the affected.
    Welcome to the family!

    1. Re:A critical Windows flaw? by Afrosheen · · Score: 4, Funny

      The Microsoft family is similar to the Osbourne family. XP is pretty much Ozzy.

  21. Re:www.nccomp.com/whatif-1.html by Illbay · · Score: 3, Funny

    WTF is the matter with you? Don't you know that ALL articles concerning OS problems, features, perks, discounts and fantasies are now required to start out with an obligatory SCO joke?

    --
    Any technology distinguishable from magic is insufficiently advanced.
  22. Commercial by mic256 · · Score: 4, Funny

    Did you patch your system today? (TM)

  23. Re:Been there, done that... by Afrosheen · · Score: 3, Funny

    I'll take Feeling Stupid for 500, Alex.

    Ooh! Daily Double!