Thursday, September 11, 2003

Here it comes again!

Bow before the great hacker god! Uh, not facing towards him!

Stand by people! Here it comes again. (I'd have blogged about this earlier but I was in class when I found out about it.) Microsoft has announced two more RPC vulnerabilities and released the patches. Supposedly the exploit code is already on the street (means that both the hackers and Microsoft has known about the vulnerability for a bit).

Now that it's public knowledge, it won't be long before some mouth breather "adapts" the Blaster worm to use the new exploit. Amongst the various people I've talked to so far, the general groupings in the worm pool say, 2 days or just shy of 2 weeks.

Patch your boxes now and block the usual MS RPC ports!

Read about it here, here, here, here and here.

Note that in the PC World article, the Microsoft rep takes the "ignorant" approach in the last three sentences, after claiming that the vulnerabilities were discovered internally as well as by independant sources. Nothing like being truthful, huh?

Misc. notes:

  • the associated DoS exploit is already out
  • the most capable version of the original RPC exploit that I've found via Google is able to attack 48 different versions of MS Windows.
  • According to various hints in the full disclosure list, the exploit has been out for ~3 weeks