A new vulnerability in the Microsoft Remote Procedure Call (RPC) service has been discovered.
This flaw can be used to cause a Denial of Service (Denial of Service) and crash the RPC service in the same manner that was seen during the outbreak of the blaster worm.
At this time, this flaw cannot cause code execution which the original flaw allowed; however, it has been said that it is possible using modified exploit code.
There are few bad news on RPC DCOM vulnerability:
1. Universal exploit for MS03-039 exists in-the-wild, PINK FLOYD is
again actual.
2. It was reported by the exploit author (and confirmed), Windows XP SP1
with all security fixes installed, still vulnerable to a variant of the
same bug. Windows 2000/2003 was not tested. For a while, only DoS exploit
exists, but code execution is probably possible. Technical details are
sent to Microsoft, waiting for confirmation.
And confirmed by a 2nd party:
VigilantMinds has successfully validated the claims regarding the latest
Microsoft Remote Procedure Call (RPC) vulnerability. Specifically,
VigilantMinds has validated that hosts running fully patched versions of
the following Microsoft operating systems REMAIN subject to denial of
service attacks and possible remote exploitation
ORIGINAL POST
Please ensure port 135 is blocked. Most ISPs are still blocking 135 after blaster, but double check and prepare to patch again.
This flaw makes you vulnerable to DOS not code execution. Currently, an exploit is available for DoS and has been since yesterday.
Microsoft, have not confirmed this but be on alert the exploit code is in the wild.
