- Nokia's new N97 vs. the iPhone
- 10 Microsoft research projects
- Hard to get justice in MySpace case
- Smartphone smackdown: Storm vs. iPhone
- Apple removes antivirus support page
A security bug in a network function of Windows NT 4, 2000 and XP can expose computers running those operating systems to a denial-of-service attack, Microsoft warned.
The flaw lies in Microsoft's implementation of a protocol called RPC, or Remote Procedure Call, that allows applications on a computer to call applications on another computer in a network. An attack on the RPC service could cause the networking services on the system to fail, Microsoft Wednesday said in security bulletin MS03-010.
An attack would be carried out by sending a malformed request to the RPC endpoint mapper, a service that holds connection information on all RPC processes on that machine. The mapper listens on TCP/IP port 135, generally accessible from within a company network, but typically blocked for external traffic by a firewall, mitigating the risk of an attack from the Internet, Microsoft said.
A patch to fix the problem is available for Windows 2000 and Windows XP, but there is no patch for Windows NT 4.0 because of major changes in the RPC software since the release of Windows NT 4.0, according to Microsoft. Windows NT 4.0 users should install a firewall and filter traffic on port 135, the vendor said.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment