Re: Flaw in RPC Endpoint Mapper - NT 4.0 FIX

From: S. Pidgorny [MVP] (slavickp@yahoo.com)
Date: 03/31/03 

From: "S. Pidgorny [MVP]" <slavickp@yahoo.com>
Date: Mon, 31 Mar 2003 19:39:07 +1000

Hector,

Microsoft follows supposedly open DCE specifications for RPC and some other
DCE protocols (Outlook/Exchange TNEF). Hardly local RPC (LRPC) requires open
port for endpoint on the network interface.

I work for organisation that runs several hundred NT servers despite
significant effort to upgrade. I don't like MS not fixing the vulnerability
and the way it's made official. However I understand that Microsoft cannot
support all the versions forever. I don't hear complaints about NT 3.51 not
being fixed... 

-- 
Svyatoslav Pidgorny, MS MVP, MCSE
-= F1 is the key =-
"Hector Santos" <nospam@nospam.com> wrote in message
news:OihQ$T29CHA.2376@TK2MSFTNGP10.phx.gbl...
> I am extremely disappointed Microsoft has decided not the fix NT 4.0 RPC
> Endpoint Mapper flaw.  I am highly skeptical it not being done due to
> "architectural limitations."    Hogwash.  I don't buy it.  I will be
> interested to see the reaction among my own customer base still using NT
> when "told" they must upgrade to W2K or XP.
>
> Until this is settle,  Microsoft must be open to releasing technical
> information about the flaw to see if developers who are dependent on RPC
> operations can provide a fix on their own.
>
> Specifically, our RPC client/server product do not use the Endpoint Mapper
> so I need to see if its possible to provide a workaround to customers to
> simply tell them to block port 135.   However, I'm afraid point 135 may be
> used internally by RPC for more than just end point mapping.  This is the
> type of info I need to know from a technical standpoint to see what steps
> need to be taken.
>
> Does Microsoft provide technical RPC specifications somewhere?
>
> ----
>
>
>

Relevant Pages