For more information about these updates and about other Microsoft security updates, visit the following Microsoft Web site:. For more information about the support lifecycles of Microsoft products, visit the following Microsoft Web sites:.
Mitigating factors: Firewall best practices and standard default firewall configurations can help to protect networks from remote attacks that originate outside the enterprise perimeter.
Best practices recommend that you block all the ports that are not actually being used. Therefore, most computers that are attached to the Internet should have a minimal number of the affected ports exposed. These ports are used to initiate an RPC connection with a remote computer. Blocking them at the firewall helps to prevent computers that are located behind the firewall from being attacked by attempts to exploit these vulnerabilities. Also block any other specifically configured RPC port on the remote computer.
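An added example (not part of the original article): a Python check that parses `netstat -ano` output and lists listeners on RPC-related ports bound to non-loopback addresses, which are the sockets the firewall guidance above is meant to shield. The port set, the `exposed_rpc_listeners` name and the sample output are assumptions constructed for illustration; `extra_ports` covers any other specifically configured RPC port.

```python
import re

# Assumption: ports commonly used to reach RPC on Windows (endpoint mapper,
# NetBIOS, SMB, RPC over HTTP). This set is not taken from the article.
RPC_PORTS = {"TCP": {135, 139, 445, 593}, "UDP": {135, 137, 138, 445}}
LOOPBACK = ("127.", "[::1]")

# One `netstat -ano` row: proto, local addr:port, foreign addr, [state], pid
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")

def exposed_rpc_listeners(netstat_text, extra_ports=()):
    """Return sorted (proto, address, port, pid) tuples for RPC-related
    sockets that accept traffic on a non-loopback address."""
    findings = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers and blank lines
        proto, addr, port, state, pid = m.groups()
        port = int(port)
        if proto == "TCP" and state != "LISTENING":
            continue  # established or outbound connections are not listeners
        if addr.startswith(LOOPBACK):
            continue  # not reachable from the network
        if port in RPC_PORTS[proto] or port in extra_ports:
            findings.add((proto, addr, port, int(pid)))
    return sorted(findings)

# Constructed sample output, not captured from a real host.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     3120
  TCP    127.0.0.1:593          0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:49664          0.0.0.0:0              LISTENING       700
  UDP    0.0.0.0:500            *:*                                    1200
  UDP    192.168.1.20:137       *:*                                    4
"""

if __name__ == "__main__":
    for finding in exposed_rpc_listeners(SAMPLE):
        print("exposed: %s %s:%d (pid %d)" % finding)
```

Each finding is a socket that should either be closed or be unreachable from outside the perimeter firewall.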
STATUS: Microsoft has confirmed that this problem may cause a degree of security vulnerability in the Microsoft products that are listed at the beginning of this article.
If you find any of these files, your computer may be infected with the worm.
If you find one of these files, delete the file, and then follow the steps in the "Recovery" section of this article.
Click Start, and then click Control Panel. Right-click the connection where you want to turn on Internet Connection Firewall, and then click Properties. Click the Advanced tab, and then click to select the Protect my computer or network by limiting or preventing access to this computer from the Internet check box.
Note: Some dial-up connections may not appear in the Network Connection folders. In some cases, you can use the following steps to turn on ICF for a connection that does not appear in the Network Connection folder. On the Tools menu, click Internet Options. Click the Connections tab, click the dial-up connection that you use to connect to the Internet, and then click Settings.
Basic Firewall is a component of Routing and Remote Access that you can enable for any public interface on a computer that is running both Routing and Remote Access and a member of the Windows Server family.
This worm uses a previously announced vulnerability as part of its infection method. Because of this, you must make sure that you have installed the security patch on all your computers to address the vulnerability that is identified in Microsoft Security Bulletin MS Note that the security patch replaces the security patch. Microsoft recommends that you install the security patch that also includes fixes for the issues that are addressed in Microsoft Security Bulletin MS For more information about the security patch, click the following article number to view the article in the Microsoft Knowledge Base:.
Use the latest virus-detection signature from your antivirus vendor to detect new viruses and their variants. Best practices for security suggest that you perform a complete "clean" installation on a previously compromised computer to remove any undiscovered exploits that can lead to a future compromise. For additional information, visit the following Cert Advisory Web site:. To download the removal tool from your antivirus vendor, use the following procedures depending on your operating system.
To turn on ICF, follow these steps:. If your computer shuts down or restarts repeatedly when you try to follow these steps, disconnect from the Internet before you turn on your firewall. If you connect to the Internet over a broadband connection, locate the cable that runs from your external DSL or cable modem, and then unplug that cable either from the modem or from the telephone jack.
If you use a dial-up connection, locate the telephone cable that runs from the modem inside your computer to your telephone jack, and then unplug that cable either from the telephone jack or from your computer. If you cannot disconnect from the Internet, type the following line at the command prompt to configure RPCSS not to restart your computer when the service fails:.
If you have more than one computer sharing an Internet connection, use a firewall only on the computer that is directly connected to the Internet. Do not use a firewall on the other computers that share the Internet connection. RPC provides an inter-process communication mechanism that allows a program running on one computer to seamlessly access services on another computer. The flaws result from incorrect handling of malformed messages. This interface handles DCOM object activation requests that are sent from one machine to another.
An attacker who successfully exploited these vulnerabilities could be able to run code with Local System privileges on an affected system, or could cause the RPCSS Service to fail. The attacker could then be able to take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges. Microsoft has released a tool that can be used to scan a network for the presence of systems which have not had the MS patch installed.
More details on this tool are available in Microsoft Knowledge Base article This tool supersedes the one provided in Microsoft Knowledge Base article If the tool provided in Microsoft Knowledge Base Article is used against a system which has installed the security patch provided with this bulletin, the superseded tool will incorrectly report that the system is missing the patch provided in MS Microsoft encourages customers to run the latest version of the tool available in Microsoft Knowledge Base article to determine if their systems are patched.
The above assessment is based on the types of systems affected by the vulnerability, their typical deployment patterns, and the effect that exploiting the vulnerability would have on them. Buffer Overrun: CAN Denial of Service: CAN Previous versions are no longer supported, and may or may not be affected by these vulnerabilities.
Does this patch supersede the one provided with that bulletin? The security patch provided with this bulletin fully supersedes the patch provided in MS, as well as the one provided in MS
What's the scope of the vulnerability?
There are three different vulnerabilities discussed in this bulletin. The first two are buffer overrun vulnerabilities, while the third is a denial of service vulnerability. An attacker who successfully exploited either of the buffer overrun vulnerabilities could gain complete control over a remote computer.
This would give the attacker the ability to take any action that they wanted on the system, including changing Web pages, reformatting the hard disk or adding new users to the local administrators group.
An attacker who successfully exploited the denial of service vulnerability could cause the RPC Service to hang and become unresponsive. To carry out such an attack, an attacker would need to be able to send a malformed message to the RPCSS service and thereby cause the target system to fail in such a way that arbitrary code could be executed.