July 26, 2003 - eEye Providing Free Detection Utility to Combat
Exploit for Microsoft RPC DCOM Vulnerability Currently Circulating on
Exploit targets unpatched Microsoft Windows desktops and servers.
Administrators urged to scan their networks for vulnerable machines.
(Aliso Viejo, CA; Geneva, Switzerland) - July 26, 2003. eEye Digital
Security has learned that an exploit which takes advantage of a
critical Windows vulnerability discovered last week is now propagating
over the Internet. The exploit targets a buffer overflow associated
with Windows' implementation of Remote Procedure Call (RPC) and
impacts Windows NT, 2000, XP and Windows Server 2003. On July 16, 2003
Microsoft issued a patch for the vulnerability that was originally
discovered by the Polish research group Last Stage of Delirium. To
combat the vulnerability, eEye has released a free scanning utility to
detect unpatched systems.
The vulnerability impacts the way in which RPC is implemented in the
Windows Operating System. The exploit enables remote attackers to send
a specially crafted RPC request to TCP port 135 on machines that are