Industry News

VigilantMinds Validates Microsoft Still Vulnerable

VigilantMinds Creates Intrusion Signature for Latest Microsoft Vulnerability PITTSBURGH, PA -- (MARKET WIRE) -- 11-10-2003 -- VigilantMinds Inc., a leader in information security solutions, has validated the latest claims regarding a new Microsoft Remote Procedure Call (RPC) vulnerability. The rumor of the existence of this latest RPC vulnerability emerged earlier this week on several security-related discussion forums. VigilantMinds has created an intrusion signature to detect attempts at exploitation of this new vulnerability. VigilantMinds has already deployed a detection signature to protect its customers and has provided this intrusion signature to the global security community.

VigilantMinds has demonstrated full denial of service (DoS) attacks and possible remote exploitation against hosts with fully patched and updated versions of MS Windows XP Professional, XP Home, and 2000 Workstation. Although it has not been verified at this time, other versions of Microsoft Windows are also suspected to be subject to this vulnerability. VigilantMinds has notified Microsoft and the appropriate government agencies.

The vulnerability is an extension of the recent Microsoft Windows RPC vulnerability discovered less than two months ago. The latest RPC vulnerability enables hackers and/or worms to completely disrupt or take control of computer systems.

"This latest Microsoft RPC vulnerability may become the most severe business security issue to date. The MS-Blaster worm was based upon the prior RPC vulnerability -- and Blaster did a lot of damage. The new RPC vulnerability opens the door for more worms like Blaster. And since many organizations have already applied vendor patches related to RPC, they may assume that they are not at risk," says Dave Keener, VigilantMinds Chief Security Officer. "This confusion would amplify the detrimental effects of a new worm."

VigilantMinds has created and posted publicly an intrusion detection signature that will detect network traffic patterns associated with this attack. VigilantMinds will continue to update the intrusion signature as more information becomes available.

No software patch is available from Microsoft at this time. As a temporary solution, VigilantMinds suggests firewall restrictions on all affected ports for any exposed systems. All external connectivity (including VPN and dial-in) should be firewalled for incoming RPC activity.

About VigilantMinds Inc.:

VigilantMinds is a national leader in "best-fit" managed security solutions and leading-edge security products. VigilantMinds provides real-time monitoring and response for all aspects of an enterprise's wired and wireless Information System security issues. VigilantMinds enables organizations to improve the speed, efficiency and effectiveness of their systems security, thereby reducing operational costs and mitigating digital risks.

Dave Keener
Chief Security Officer
VigilantMinds Inc.

Monica McDermott
Director of Corporate Communications
VigilantMinds Inc.

© 2001 WebScope