Susan
Wed Sep 10 16:51:50 CDT 2003
Community Bulletin
Trustworthy Computing Security
September 10, 2003
Summary
---
On Wednesday, September 9, 2003, Microsoft released a security bulletin
covering a vulnerability in Windows RPC. The bulletin can be viewed at
http://www.microsoft.com/technet/security/bulletin/MS03-039.asp. This
bulletin supersedes MS03-026, the vulnerability which was exploited by
Blaster. Because Microsoft is committed to keeping customers'
information safe, this document provides additional information to
address those concerns.
Microsoft has identified a new security vulnerability in Windows and
today released a security bulletin to address this vulnerability.
Microsoft continues to recommend that customers follow the 1,2,3 steps
as outlined in the recent "Protect Your PC" (PYP) campaign, and
encourages customers to enable a firewall, like ICF in Windows XP, to
protect systems from attacks.
>>Customers who have implemented the 1,2,3 steps and enabled a
firewall, such as ICF in Windows XP, are protected from potential
exploits of this issue.
>>Similarly, customers who have enabled AutoUpdate features as
recommended will automatically have this patch downloaded and applied.
---
The update released today fixes three critical vulnerabilities in the
RPC component of the Windows operating system.
MS03-039 supersedes and incorporates additional fixes beyond the scope
of MS03-026 released in July. Customers are encouraged to exclusively
install MS03-039 to address the new vulnerabilities and those formerly
fixed in security bulletin MS03-026.
---
Currently there are no known exploits of these vulnerabilities; however,
if exploited, these vulnerabilities could allow an attacker to execute
code on the system.
---
Microsoft strongly urges all customers to apply the patch, but in
addition, corporate customers should ensure that their firewalls block
ports facing the internet and consumers should ensure that they have
enabled firewall technology such as ICF on their laptops and desktops.
Additional guidance for corporate customers can be found at
http://www.microsoft.com/technet/security/protect.
---
Microsoft continues to invest in efforts, tools and services to help
both enterprises and consumers protect their systems from attackers who
exploit vulnerabilities.
The vulnerability patched in MS03-026 prompted a fresh and in-depth
internal review of RPC. Additionally, Microsoft customers continue to
benefit from relationships with the security research community. As a
result, MS03-039 patches issues were discovered during our internal
investigation as well as externally reported issues.
---
Microsoft has updated the DCOM/RPC scanning tool for IT professionals
and network administrators which helps identify unpatched machines.
Customers should be aware that best results will be found by using the
updated scanning tool rather than the MS03-026 scanning tool.
---
New Webcast: In an effort to better communicate with customers,
Microsoft will be conducting a webcast to provide guidance on Protecting
Your PC and details of MS03-039. This web cast is available at
http://www.microsoft.com/usa/webcasts/upcoming/2373.asp
---
PYP Tool: To improve and simplify the PYP (Protect Your PC) 1,2,3 steps
on /protect, Microsoft has developed a new tool to help automate steps
outlined in "Protect Your PC" which configures ICF and AutoUpdate in
Windows XP.
---
Microsoft continues to recommend that all customers regularly employ
security protection measures such as those outlined in the "Protect Your
PC" campaign (www.microsoft.com/protect).
---
Consumers
* Use an Internet Firewall on all PCs and Laptops: An Internet firewall
can help prevent outsiders from getting to your computer through the
Internet. If you use Microsoft Windows® XP, enable the built-in
firewall. This is the primary means to mitigate vulnerability in MS03-039.
* Update Your Computer: Windows XP includes the automatic updates
feature (Windows Update) which can automatically download the latest
Microsoft security updates.
* Use Up-to-Date Antivirus Software: Installing, configuring and
maintaining antivirus protection is absolutely essential.
---
Businesses
* Verify firewall configuration - Audit Internet and intranet firewalls
to ensure they comply with your security policy as a first line of
defense; best practices recommend blocking all ports that are not
actually being used - This is the primary means to mitigate
vulnerability in MS03-039
* You should also protect your network by requiring employees to take
the same three steps that are outlined at www.microsoft.com/protect with
home PCs or Laptops that they use to connect to your enterprise. It is
very important that PCs and Laptops that VPN or RAS into your network
should be protected by a firewall like ICF.
* Stay up-to-date - Keep your systems up-to-date with the latest
information subscribing to Microsoft's free security notification
service and using Microsoft update services to automatically obtain fixes
* Use Up-to-Date Antivirus Software - Installing, configuring, and
maintaining antivirus protection is absolutely essential
---
Additional Detail:
The IT Pro bulletin can be found at
http://www.microsoft.com/technet/security/bulletin/MS03-039.asp
The Consumer bulletin can be found at
http://www.microsoft.com/security/security_bulletins/ms03-039.asp
Susan Bradley wrote:
>
http://www.microsoft.com/security/security_bulletins/ms03-
> 039.asp
>
> another nasty one!!! Heads up