Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Identifies, Patches Another Critical RPC Hole

Posted by timothy on from the capn-we-need-more-glue-down-here dept.

Dynamoo writes "Microsoft have another critical vulnerability in the Windows NT/2000/XP/2003 line of OSes, allowing a remote attacker to run arbitrary code. In other words, this probably carries about the same risk as the well-documented RPC hole exploited by MSBlaster and Nachi. A Knowledgebase article is also available. Given the experience of the RPC exploit, this probably gives administrators a couple of weeks to patch all the systems in their organisations. Again. Shucks, we haven't even finished patching the RPC flaw yet." You might want to keep your laptop's batteries charged; this NewsForge article suggests that the Blaster worm may have played a role in the August 14th blackout affecting the eastern U.S. Update: 09/10 20:41 GMT by T : Reader AcquaCow suggests that administrators with multiple machines to patch visit Microsoft's Software Update Services (whitepaper), a tool for "managing and distributing critical Windows patches."

3 of 604 comments (clear)

  1. Re:Been there, done that... by Col.+Klink+(retired) · · Score: 5, Informative

    In some places, we actually test that all of our critical applications will continue to run after applying patches to the OS rather than just blindly applying every patch and hoping nothing breaks.

    --

    -- Don't Tase me, bro!

  2. Re:Fine journalism by Anonymous Coward · · Score: 5, Informative
    the worm crashed a Unix server.
    It says, to be more precise, that the worm caused high volumes of network traffic causing the Unix server to malfunction. This wouldn't have happened had they not bridged the office network with the power station network. Guess what machines were on the office network and what operating system they were running and hence how the network was clogged in the first place.
  3. Exploit by the end of the day?!?!?! by djembe2k · · Score: 5, Informative
    FYI: In an article at SecurityFocus, an "expert" says that:
    hackers could launch attacks against unprotected systems as early as day's end. "It's going to be trivial," he said. "This is an instant replay of a few weeks ago."
    And this post from BugTraq today seems also to suggest that there's no reason this won't be in the wild just about any minute.