It had to happen... there is a new Microsoft security vulnerability, again related to RPC, but different from the last vulnerability, which was responsible for the MSBlast and Nachi worms, and agin could result in a remote system compromise.

The full range of NT based products is affected:

Microsoft Windows NT Workstation 4.0
Microsoft Windows NT Server(r) 4.0
Microsoft Windows NT Server 4.0, Terminal Server Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003

Windows 95/8/ME are not affected.

More details for this vulnerability, and the download location for the patch, can be found here:
http://www.microsoft.com/technet/security/bulletin/MS03-039.asp

If you haven't already done so, you might want to consider blocking the ports used for Windows LAN services on your firewall, ie UDP ports 135, 137, 138, 445
and TCP ports 135, 139, 445, 593.

If you have just finished the process of patching for the previous
RPC vulnerability (MS03-026), you will need to go and do it all over again for this one :uhoh:

If you haven't yet patched for the previous RPC vulnerability, you can use the new patch as it includes the previous patch (MS03-026) as well as the new one.

:mad:

Thanks for the heads up mate. All done and dusted. Cheers. :ok:

RomeoTangoFoxtrotMike,

Nice job!

Reading all the latest vulnerabilities being exploited, reinforces the need for Firewalls.

Anyone that does not have a firewall setup should think about getting one.

The best solution is a hardware firewall, especially for anyone with a broadband, always on, connection to the net. The money spent on a router is well worth it for the added security you get.

Take Care,

Richard

Richard,

Thank-you and you're welcome :)

I agree about the poor quality of software firewalls, at least the "general purpose" versions sold to go on general purpose computers.

I'm off for a well-earned beer now :), having been grappling with the side-effects of this all day (more "political" than technical :( )

Will post a little something on the subject of firewalls later.

[ Edited, as our posts crossed :) ]

RTFM, thanks.

Having already this week rebuilt Win 2000 on two desktops and three laptops I was a frequent visitor to the MS Update site and noticed the new Security Fix KB824146. So they are right on to it.

As to Richard's comment about Hardware vs Software Firewalls, I run ZoneAlarmPro behind the hardware firewall of my Router and wonder why I bother because the log never shows any activity.

Unless I'm taking a laptop on the road, of course, and then it's another matter.

On the LAN, ZAPro just makes a fuss about all the programs I want to run and during the "learning" phase keeps asking if its OK.

Still, best to humour it, I suppose. (Sorry about the spelling, Richard :) )