
Weird Windows: RPC attack?

Aug 18, 2003
Networking, Small and Medium Business, Vulnerabilities

Windows machines in our network started acting strangely two weeks ago. Windows XP machines have rebooted repeatedly, file sharing doesn’t work, and Word complains about Office Assistant being installed improperly. When we try to go to the Windows Update site, we get a blank page. Is this related to the Remote Procedure Call security advisory Microsoft recently released?

You might be the victim of attacks based on the recently announced Microsoft RPC buffer overflow problem. Installing the patch provided in the MS03-026 security bulletin could give you access to the Windows Update page, so the rest of your critical updates can be installed.

The worms based on this Distributed Component Object Model (DCOM) exploit install rootkits that download additional attack software, so the only secure response is to reformat the hard drive, reinstall everything from clean media, and then patch the system before reconnecting it to the network.

Because few will do this, you should patch Windows systems before they are compromised.

Recent antivirus software updates will identify and clean out some worm variants. Perimeter firewalls protect most business networks, but home and academic environments that do not block Windows networking ports from the Internet are vulnerable.
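
One way to check whether a perimeter actually blocks Windows networking ports, as an added example that is not part of the original column: the script scans firewall log lines for Internet-sourced traffic to those ports that was allowed through. The port list is the one in the MS03-026 bulletin's firewall workaround (the column does not name the ports); the key=value log format, the internal address range and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Ports the MS03-026 bulletin advises blocking at the firewall
# (from the bulletin's workaround section, not from this column).
WINDOWS_NET_PORTS = {"tcp": {135, 139, 445, 593}, "udp": {135, 137, 138, 445}}

# Assumed internal address range for the site being audited.
INTERNAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]

# Constructed sample lines in an assumed key=value firewall log format.
SAMPLE_LOG = """\
2003-08-12T09:14:02 action=DROP proto=tcp src=203.0.113.45 dst=192.168.1.20 dport=135
2003-08-12T09:14:07 action=ACCEPT proto=tcp src=198.51.100.7 dst=192.168.1.20 dport=135
2003-08-12T09:15:11 action=ACCEPT proto=tcp src=192.168.1.31 dst=192.168.1.20 dport=445
2003-08-12T09:15:40 action=ACCEPT proto=udp src=198.51.100.7 dst=192.168.1.22 dport=137
2003-08-12T09:16:03 action=ACCEPT proto=tcp src=198.51.100.9 dst=192.168.1.5 dport=80
malformed line without fields
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def is_internal(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on a bad address
    return any(ip in net for net in INTERNAL_NETS)

def exposed_hits(log_text):
    """Return (src, dst, proto, dport) for allowed Internet-to-inside traffic
    aimed at Windows networking ports."""
    hits = []
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        try:
            proto, dport = f["proto"].lower(), int(f["dport"])
            src, dst = f["src"], f["dst"]
            inbound = not is_internal(src) and is_internal(dst)
        except (KeyError, ValueError):
            continue  # skip malformed lines or lines missing fields
        if (f.get("action") == "ACCEPT" and inbound
                and dport in WINDOWS_NET_PORTS.get(proto, set())):
            hits.append((src, dst, proto, dport))
    return hits

def exposed_hosts(log_text):
    """Internal hosts reached on those ports from outside: check these first."""
    return sorted({dst for _, dst, _, _ in exposed_hits(log_text)})

if __name__ == "__main__":
    print("hosts reachable from the Internet:", exposed_hosts(SAMPLE_LOG))
```

Any host this reports was reachable from outside on the ports in question, so it belongs at the front of the queue for patching or, if already misbehaving, for the rebuild described above.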