Friday, March 28, 2003

Faugh on Microsoft

From the Should-This-Fall-Under-A-Malicious-Vendors-Category? Category:

MS Win NT, XP, & 2000 are susceptible to a vulnerability in the RPC service, which listens on port 135. A specially crafted packet causes the RPC service to shut down, making for a very economical DoS.

The part of the issue that really stinks is that, while Microsoft has provided patches for XP and 2000, there will be no patch for NT. Microsoft claims that it would be "too hard" to fix.

Yes, there is an easy work-around (if you can live without port 135) but that's not the point. In my opinion, NT owners can consider themselves abandoned.

Still think it's not that important of an issue? Well, let me try another tack...

TechNet has an explanation of how Outlook connects to Exchange. (For those of you in a hurry, click on the link entitled "An Example of RPC Client-Server Communications".) Yes, the article also states that you shouldn't expose port 135 to the Internet, but you're going to have to explain that to every small business on the planet that couldn't afford (or understand) a firewall after buying NT Server, Office, and Exchange.

Keep in mind this is only one example. Microsoft systems are commonly connected directly to the Internet by organizations and individuals that don't understand the need for a firewall (or couldn't afford one at the time). TCP port 135 is tied in with the operation of DHCP, DNS, and WINS. It also carries communications between clients and IIS, Active Directory, and Exchange.

The end result is that small business owners have "one more reason to upgrade" which stinks (squeeze another $5K out of a small business that is already seeing lean times). That or Bob-from-Accounting won't be able to use his Outlook client from home.

