[ Home | Contact Me ]

I noticed I was getting quite a few hits on the topic of this new "W32 Blaster Worm" that affects Microsoft systems via an RPC vulnerability, so I have created a special page for it. You should find enough links below to cover most aspects of this security issue.

Recommendations

Filter network traffic: TCP and UDP ports 135, 139 and 445
Apply patches

"Sites are encouraged to block network access to the RPC service at network borders. This can minimize the potential of denial-of-service attacks originating from outside the perimeter." However, be aware that the indicated TCP/IP ports also have legitimate uses in Microsoft Windows, such as connecting to Exchange email servers and for file and printer sharing.

Microsoft Information

Additional information about RPC port issues is available in the Windows Remote Procedure Call (RPC) and Distributed COM (DCOM) section of my TCP/IP ports page.

Anti-Virus

Windows Security Software

On my home broadband security page, I have a list of some security software for Windows including both firewalls and anti-virus.

CERT Advisories

CA-2003-16 Buffer Overflow in Microsoft RPC July 17, 2003
CA-2003-19 Exploitation of Vulnerabilities in Microsoft RPC Interface July 31, 2003
CA-2003-20 W32/Blaster worm August 11, 2003

US Department of Homeland Security Advisory

Potential For Significant Impact On Internet Operations Due To Vulnerability In Microsoft Operating Systems July 30, 2003

OCIPEP Alerts

AL03-004 EXPLOIT RELEASED RE: Microsoft Windows Buffer Overrun In RPC Interface 25 July 2003
AL03-005 Additional Vulnerability in Microsoft RPC 31 July 2003
AL03-007 Blaster Worm 11 August 2003

Incident Analysis and Reports

SANS Incident Handlers Diary RPC DCOM WORM (MSBLASTER) August 11th 2003
eEye - Blaster Worm Analysis 11-Aug-2003
Slashdot - RPC DCOM Worm On The Loose (11-Aug-2003)
Slashdot - Win32 Blaster Worm is on the Rise (12-Aug-2003)

[ Home | Contact Me ]