also @ TechSpot: Updated Microsoft EULA prohibits class action lawsuits

TechSpot
Register now for a live online demo to see how the Office 365 suite of tools
- professional email, calendars, video conferencing, and file sharing -

Flaw in RPC Endpoint Mapper could allow DoS attacks

Discussion in 'General Discussion' started by TS | Thomas, Mar 26, 2003.

Thread Status:
Not open for further replies.

  1. TS | Thomas Newcomer, in training

    There is a vulnerability in the part of RPC that deals with message exchange over TCP/IP. The failure results because of incorrect handling of malformed messages. This particular vulnerabilty affects the RPC Endpoint Mapper process, which listens on TCP/IP port 135. The RPC endpoint mapper allows RPC clients to determine the port number currently assigned to a particular RPC service.

    Microsoft has provided patches with this bulletin to correct this vulnerability for Windows 2000 & XP. Although Windows NT 4.0 is affected by this vulnerability, Microsoft is unable to provide a patch for this vulnerability for Windows NT 4.0. The architectural limitations of Windows NT 4.0 do not support the changes that would be required to remove this vulnerability. Windows NT 4.0 users are strongly encouraged to employ the workaround discussed in the FAQ below, which is to protect the NT 4.0 system with a firewall that blocks Port 135.

    Affected Software:
    Microsoft Windows NT 4
    Microsoft Windows 2000
    Microsoft Windows XP

    Patch availability:
    Microsoft Windows 2000
    All except Japanese NEC
    Japanese NEC
    Windows XP
    32-bit Edition
    64-bit edition
    TS | Thomas, Mar 26, 2003
    #1
Thread Status:
Not open for further replies.