Denial of Service in Microsoft RPC Endpoint Mapper

A new vulnerability in Microsoft's RPC endpoint mapper, which handles message exchange over TCP/IP, can result in a Denial of Service (DoS) condition.

Ken Pfeil

March 26, 2003

2 Min Read
ITPro Today logo in a gray background | ITPro Today

Reported March 26, 2003, byMicrosoft.

 

 

VERSIONS AFFECTED

 

·        Windows XP

·        Windows 2000

·        Windows NT 4.0

 

DESCRIPTION

 

Anew vulnerability in Microsoft's RPC endpoint mapper, which handles messageexchange over TCP/IP, can result in a Denial of Service (DoS) condition. Thisvulnerability is a result of incorrect handling of malformed messages. Anattacker can exploit this vulnerability by establishing a TCP/IP connection tothe endpoint mapper process on a remote machine and transmitting a malformedmessage. The process on the remote machine would then fail.

 

VENDOR RESPONSE

 

Microsoft hasreleased Security Bulletin MS03-010,"Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks(331953)," to address this vulnerability and recommends that affected usersimmediately apply the patch mentioned in the bulletin.

 

CREDIT          

Discovered by JussiJaakonaho.

Read more about:

Microsoft
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like