
Big Windows Security Hole

Posted Aug 4, 2003 by zorkshin  

You may have heard in recent news (notably on CNN) about a major “Windows Security Hole” that many experts are warning of. Yes, there is a very important and dangerous hole in Windows NT/2000/XP/2003. However, there are a few simple steps you can take to protect yourself from this hole (and even future holes).


1. Know Thy Enemy


The hole is also known as the Windows DCOM-RPC exploit. It uses ports 135, 137, 139, and 445 (Windows service ports) to overflow and crash the RPC server on a victim’s computer. To use the exploit, all a hacker must know is your IP address. Everything else is easy from there. However, for the attack to work, you must be running an unpatched version of: Windows NT (SP 0,1,2,3,4,5,6), Windows 2000 (SP 0,1,2,3,4), Windows XP Home (SP 0,1), Windows XP Pro (SP 0,1), or Windows 2003 Server.


2. Download the Patch


http://www.microsoft.com/security/security_bulletins/ms03-026.asp


3. Block the Ports


Now, even though you have the patch, it is rumored that it does not work 100% of the time and is also sometimes hard to apply to different Windows installations, for one reason or another. That is why I recommend that you find a way to block ports 135, 137, 139, and 445. Here are a few ways, depending on your setup:



  • Block ‘em From Your Router/Firewall
    If your router is configured with a whitelist (i.e., “Services”), erase any entries for ports 135, 137, 139, and 445. If it is configured with a blacklist (i.e., “Access Control”), add entries for ports 135, 137, 139, and 445. Make sure that DMZ Host is not on, or you have accomplished nothing.

  • Block ‘em From Your Software Firewall
    An excellent software firewall choice is ZoneAlarm. If you install this program and set it on “Medium” or “High” security settings, it will block 135, 137, 139, and 445 by default. Otherwise, use whatever program you feel comfortable with and make sure you tell it to block those ports.

  • Call Up Your ISP
    Ask your ISP if they can block ports 135, 137, 139, and 445. If they can, it will eliminate a lot of Windows security worries.

There you have it. You are now safe from this big exploit. If you would like to learn more about it or would like to actually see the malicious code, head over to http://www.k-otik.com/exploits/07.30.dcom48.c.php. The source is standard C, and to compile it you must have Cygwin.
