Skip Links

Organizations scramble to patch Microsoft flaws

By , IDG News Service
September 11, 2003 05:09 PM ET

IDG News Service - Organizations that use Microsoft's Windows software were scrambling Thursday to patch vulnerable systems after the company sent word on Wednesday of three more critical Windows software vulnerabilities.

Marathon patching sessions, anti-virus updates and expressions of frustration with the Redmond, Wash., software maker were the norm, as systems administrators rushed to protect themselves from any other Blaster-style worm that may appear and exploit the new security holes.

The critical holes were found in an interface to a Windows component called the RPCSS service and affected almost every version of Windows. The RPCSS service processes messages using the RPC (Remote Procedure Call) protocol, which software programs running on different machines use to communicate, according to Microsoft Security Bulletin MS03-039

That made the latest bulletin similar to another recent RPC vulnerability, MS03-026, which was later used by the W32.Blaster and W32.Welchia worms to infect computers worldwide.

For that reason and others, companies affected by the new vulnerabilities wasted no time in mobilizing staff to patch their Windows systems.

IT staff at the Maryland Department of the Environment immediately began deploying patches to affected servers and user workstations. The department manages about 1,200 machines in total, with Windows on almost 100% of the workstations and many of its servers, according to Hank Torrance, lead networks specialist at the Department.

Unlike their colleagues in the state's Motor Vehicle Administration who had to contend with a massive Blaster outbreak, staff at the Department of Environment successfully applied the earlier Microsoft RPC patch, MS03-026, in July and were spared Blaster's wrath, Torrance said.

The department is using the same approach with the latest vulnerabilities: relying on the built-in Windows Update feature to patch desktops and Novell's ZENworks configuration management tool to push the patch out to affected Windows servers, he said.

The Blaster worm had a profound effect on the way that technical staff at Young Electric Sign Co. (YESCO) reacted to Microsoft's announcement.

The Salt Lake City maker of custom signs and electric displays spent five days in August digging out from the Welchia (or "Nachi") worm, a Blaster derivative, which infected around 50 of the company's 650 host machines and shut down operations in two branch offices, according to Bret Anderson, network manager at YESCO.

In the past the company's reaction to patches, including the last major RPC patch, was relaxed, he said.

"You know, Microsoft comes out with patches once a week. So we'd say 'maybe I'll get to it this week, maybe next week,'" Anderson said.

Generally, staff was prompt in patching servers, according to Anderson.

"But clients? Whatever," he said.

This time around, Anderson summoned the other network administrators immediately upon learning of the new RPC holes and called for an all-out effort to get affected systems patched, he said.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News