Remote Proceedure Call Vulnerability

[amdphr3@kXP]

A word of warning to anyone relying on the microsoft hotfixes for the RPC vulnerability, I know of a few ppl that run a webserver off their net connections, and have the hotfixes installed. They were targeted by attackers using the RPC exploits, and the attackers were still able to compromise their systems using these exploits, even though the hotfixes were installed. My advice would be to either disable the RPC service, or block all incoming Remote Proceedure Calls on all ports, both TCP and UDP using a decent firewall. This will stop any RPC's from reaching your system, and effectively allowing a hacker to compromise your system.

[DaveXP]

Someone else who has the patch and it dont work.

[Sphynx]

A hint that a lot of people don't know :

If you get that screen, saying "Windows will reboot in ..:.."

Press Start, Run and type

shutdown /a

Then you can download the patch, without the reboots

And install a good firewall people... I don't understand why there are still so many people with port 135 open ...

[Mpak]

I'm gonna shopping somewhere and i wonder why others don't get guns and body armour with them, like i do? Aren't they afraid of robbers or something?

[R600]

I can't remember where I posted this message, but does anyone know what the RPC is actually used for?

[Aaron]

http://www.cexx.org/rpc.htm

Don't follow anybody's advice about deleting/disabling this service, its not recommended.

[gamehead200]

If Doggie sees this message:

Can't a program be made to do this automatically?

[DaveXP]

If Doggie sees this message:

Can't a program be made to do this automatically?

do wat......

[rotjong]

A hint that a lot of people don't know :

If you get that  screen, saying "Windows will reboot in ..:.."

Press Start, Run and type

shutdown /a

Not to step on your toes but it's "shutdown -a" not "shutdown /a".

I had this patch installed when it first was released but sadly it seems 99% of people did not and I've spent the last 3 days helping friends out with it.

[jayroller]

hmm, and MS expect us to trust AntiVirus solutions they've had a hand in...... doesn't bode well if you ask me if they can't even patch their own flaws successfully. i think the 16th will be a Linux day for me...

[DaveXP]

hmm, and MS expect us to trust AntiVirus solutions they've had a hand in...... doesn't bode well if you ask me if they can't even patch their own flaws successfully. i think the 16th will be a Linux day for me...

why wats happening on the 16th may i ask

[Aaron]

Not to step on your toes but it's "shutdown -a" not "shutdown /a".

I had this patch installed when it first was released but sadly it seems 99% of people did not and I've spent the last 3 days helping friends out with it.

It varies across Operating Systems. On XP its "-a", on Windows Server 2003 its "/a", and in Windows 2000 shutdown.exe doesn't exist.

[Aaron]

why wats happening on the 16th may i ask

A mass Denial of Service attack on WindowsUpdate from users infected with the MSBlaster worm. In fact this attack has already started due to some users' system clocks being ahead of time, and WU is showing signs of slowness.

This attack will prevent other users from downloading the RPC flaw fix.

[DaveXP]

i see

[darkkavenger]

How funny, my home Pc was attacked but i was able to fix it in like five seconds ;-)