VigilantMinds Validates Microsoft Still Vulnerable
VigilantMinds Creates Intrusion Signature for Latest Microsoft Vulnerability
PITTSBURGH, PA -- (MARKET WIRE) -- 11-10-2003 --
VigilantMinds Inc., a leader in information
security solutions, has validated the latest claims regarding a new
Microsoft Remote Procedure Call (RPC) vulnerability. The rumor of the
existence of this latest RPC vulnerability emerged earlier this week on
several security-related discussion forums. VigilantMinds has created an
intrusion signature to detect attempts at exploitation of this new
vulnerability. VigilantMinds has already deployed a detection signature to
protect its customers and has provided this intrusion signature to the
global security community.
VigilantMinds has demonstrated full denial of service (DoS) attacks and
possible remote exploitation against hosts with fully patched and updated
versions of MS Windows XP Professional, XP Home, and 2000 Workstation.
Although it has not been verified at this time, other versions of Microsoft
Windows are also suspected to be subject to this vulnerability.
VigilantMinds has notified Microsoft and the appropriate government
The vulnerability is an extension of the recent Microsoft Windows RPC
vulnerability discovered less than two months ago. The latest RPC
vulnerability enables hackers and/or worms to completely disrupt or take
control of computer systems.
"This latest Microsoft RPC vulnerability may become the most severe
business security issue to date. The MS-Blaster worm was based upon the
prior RPC vulnerability -- and Blaster did a lot of damage. The new RPC
vulnerability opens the door for more worms like Blaster. And since many
organizations have already applied vendor patches related to RPC, they may
assume that they are not at risk," says Dave Keener, VigilantMinds Chief
Security Officer. "This confusion would amplify the detrimental effects of
a new worm."
VigilantMinds has created and posted publicly an intrusion detection
signature that will detect network traffic patterns associated with this
attack. VigilantMinds will continue to update the intrusion signature as
more information becomes available.
No software patch is available from Microsoft at this time. As a temporary
solution, VigilantMinds suggests firewall restrictions on all affected
ports for any exposed systems. All external connectivity (including VPN
and dial-in) should be firewalled for incoming RPC activity.
About VigilantMinds Inc.:
VigilantMinds is a national leader in "best-fit" managed security solutions
and leading-edge security products. VigilantMinds provides real-time
monitoring and response for all aspects of an enterprise's wired and
wireless Information System security issues. VigilantMinds enables
organizations to improve the speed, efficiency and effectiveness of their
systems security, thereby reducing operational costs and mitigating digital
Chief Security Officer
Director of Corporate Communications