Todd,
>> Anyone have a clue as to how Microsoft plans to fix the RPC system to make it more secure?
Concentrate maybe one or two more people on looking at error checking on the input into the arrays/buffers in the RPC code? ;op
I mean, really - a vuln lies around waiting for someone to find it for years, and in this short of a time 3 more vulns are found in roughly the same area, just different vectors? I sure hope that there is a team poring over the code that makes up RPC.
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CIT)
Sent: Wednesday, September 10, 2003 2:15 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] New RPC DOS
Our Microsoft TAM notified us of this new issue. I waited to give them time to publish it to the various news sites.
At 9AM PST, PSS will be announcing a new critical security bulletin (MS03-039). This bulletin will address an RPC denial-of-service vulnerability in Windows products. Please take the time today to go to the www.microsoft.com/security site to obtain the patch and directions for implementation. Just trying to help you stay one step ahead!
I think it is very important to get this update on all your DCs, even if they are behind a firewall, ASAP. We managed to mitigate Blaster, but these RPC DoS issues are starting to get really nasty.
Anyone have a clue as to how Microsoft plans to fix the RPC system to make it more secure?
Thanks,
Todd Myrick
