Check Point Reference: | SBP-2006-03 |
Date Published: | 27 Apr 2006 |
Severity: | High |
Last Updated: | Tuesday 08 May, 2007 |
Source: | SmartDefense Research Center |
Industry Reference: | CAN-2005-2119 |
Protection Provided by: | |
Who is Vulnerable? | Microsoft Windows operating systems |
Vulnerability Description | Remote Procedure Call (RPC) is a protocol that a program can use to request a service from a program located on another computer in a network. Microsoft Remote Procedure Call (MS-RPC) is Microsoft's implementation of RPC. Microsoft Windows has reported multiple vulnerabilities (MS05-039, MS05-043, MS05-051, MS06-008) in its MS-RPC protocol that can be abused over the Common Internet File Sharing (CIFS) protocol on TCP/139 and TCP/445 (the standard ports used by CIFS). However, MS-RPC can be abused on any other TCP port used by the MS-RPC server to compromise a system. SmartDefense Protection allows you enforce the MS-RPC protections over all TCP ports. |
Vulnerability Details | A scenario where MS-RPC was abused on a random TCP Port was described on MS05-051 . A remote code execution vulnerability was reported in the Microsoft Distributed Transaction Coordinator (MSDTC) service. The MSDTC interface proxy (MSDTCPRX.DLL) functions as an RPC server that handles requests on the interface. The vulnerability allows an anonymous attacker to take complete control over an affected system. MSDTC listens on TCP port 3372 and a dynamic high TCP port, and is enabled by default on all Windows 2000 systems. |