Vulnerabilities in Windows RPCSS Service Could be Exploited By Viruses

· The publication of several vulnerability exploits could result in epidemics caused by malicious code that take advantage of these security holes
· Panda Software advises users to be on the alert and install the patches released by Microsoft

On September 10, Microsoft released an update[1] for the RPCSS service to correct several vulnerabilities affecting Windows NT Workstation 4.0, Windows NT Server 4.0 (including Terminal Server Edition), Windows 2000/XP and Server 2003. Just a week later, the Internet is teeming with programs that exploit these security holes to gain control of the affected computers.

Systems without the Microsoft patch installed are at risk, since these RPCSS vulnerabilities could allow an attacker to execute arbitrary code and get maximum privileges on compromised PCs. According to Luis Corrons, head of the Panda Software Virus Laboratory, “These vulnerabilities could be exploited in the future by new malicious code. Last August for example, Blaster exploited a vulnerability in RPC DCOM in order to spread on a massive scale.”

Blaster’s far-reaching propagation was not the first instance of malicious code taking advantage of a security hole in a widely used application, as other malicious code like CodeRed, Nimda, Bugbear or Klez.I had already exploited such vulnerabilities. The significance of this means of infection is highlighted by the fact that Klez.I still topped the ranking of the “Top Ten’ viruses most frequently detected by Panda ActiveScan, one year after its initial appearance.

However, one particular characteristic makes Blaster stand out from the rest. As Corrons explains, “Blaster appeared just a few days after the vulnerabilities it exploits were announced. Before, malicious code exploiting such vulnerabilities often took months to emerge after the flaw was announced. This change in the virus behaviour means that users need to react more quickly and maximize security measures -by means of an effective and up-to-date antivirus- and to inmediatelly install the patches relased by the software vendors.”

Don't miss