New RPC Hole in Windows

[manadren_it]

Security Bulliten
Knowledgebase Article

Yet another hole in the Remote Procedure Call like the one exploited by the Blaster Worm. Hurry up and get patched before some other moron decides to launch a worm.

Archived topic from Iceteks, old topic ID:1309, old post ID:11518

[Red Squirrel]

Man, this is horrible! I don't know how Microsoft does it? They need to revise ALL their code completly. There's too many security problems!

Archived topic from Iceteks, old topic ID:1309, old post ID:11520

[Wren]

Thanks, I got patched today.

What would happen if I just disabled RPC in services? Is that only used if you are networking pcs?

Archived topic from Iceteks, old topic ID:1309, old post ID:11521

[manadren_it]

Nope, you can't disable RPC.. it may seem like it's only needed for networking PCs, but for some reason it's critical to normal operation.

Archived topic from Iceteks, old topic ID:1309, old post ID:11523

[Wren]

Ok, thanks.

Archived topic from Iceteks, old topic ID:1309, old post ID:11524

[manadren_it]

ok, technically you could disable RPC, windows won't really stop you, but expect things to go splat upon doing so. I wouldn't recommend it

Archived topic from Iceteks, old topic ID:1309, old post ID:11527

[Wren]

I did disable it to see what would happen. Guess I didn't leave it off long enough for the splat!

Archived topic from Iceteks, old topic ID:1309, old post ID:11529

[Chris Vogel]

Thanks for the heads-up! I will have to do that first thing tomorrow!

Archived topic from Iceteks, old topic ID:1309, old post ID:11533

[Wren]

It's not a big file tak, if you want to do it tonight.

Archived topic from Iceteks, old topic ID:1309, old post ID:11541

[Triple6_wild]

as if windows doesnt suck enuff lmao i will grab that b4 i go to bed lol

Archived topic from Iceteks, old topic ID:1309, old post ID:11546

[Red Squirrel]

I did disable it to see what would happen. Guess I didn't leave it off long enough for the splat!

Windows can be funny. If you do something that can screw it up, it will always wait till you least expect it.

What does RPC do anything? Is it designed *for* viruses to communicate? That's all I know about that it can do lol.

Archived topic from Iceteks, old topic ID:1309, old post ID:11548

[Wren]

I was curious as the fix for the Blaster worm said you had to disable RPC in order to get the fix, since the worm was causing the pc to reboot every two minutes. I never read anything about why you needed to turn it back on.

Archived topic from Iceteks, old topic ID:1309, old post ID:11557

[rovingcowboy]

really the trouble is the dcom and you can shut that off. there is a program though for you to check the computer connection go to

http://grc.com/default.htm

and use the shields up to check your computer and then get the dcombobulator program and use it to see if your system is open for attack from that route then you can turn it off if you want to. it is only used for controling app's on your computer from remote or some such thing like that.

that program will tell you what it is for.

good luck. my computer is in 100% stealth mode.

Archived topic from Iceteks, old topic ID:1309, old post ID:11585

[Wren]

I read about that the other day, I think it uses port 135.

I'm patched and stealthed! Good thing too since my ZA has been very busy for the last few weeks!

Archived topic from Iceteks, old topic ID:1309, old post ID:11593