subject: Re: NT4 obsoleted today 3/26/03
From: "Robert Comer"
> A trivial "fix" could be to simply disable port 135 in the TCP/IP options. What would that take? Maybe 50 lines of code
And just put a warning on it that it will disable RPC over TCP/IP, don't
apply it if you use it -- you got me why it would be so hard for them to
do.
- Bob Comer
"Tony Ingenoso" wrote in message news:3e82f42b{at}w3.nls.net...
> A trivial "fix" could be to simply disable port 135 in the TCP/IP options. What would that take? Maybe 50 lines of code
>
> "Geo." wrote in message news:3e821db7$1{at}w3.nls.net...
> > from
> >
> > http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-010.asp
> >
> > If Windows NT 4.0 is listed as an affected product, why is Microsoft not
> > issuing a patch for it?
> >
> > During the development of Windows 2000, significant enhancements were made
> > to the underlying architecture of RPC. In some areas these changes involved
> > making fundamental changes to the way the RPC server software was built. The
> > Windows NT 4.0 architecture is much less robust than the more recent Windows
> > 2000 architecture, Due to these fundamental differences between Windows NT
> > 4.0 and Windows 2000 and its successors, it is infeasible to rebuild the
> > software for Windows NT 4.0 to eliminate the vulnerability. To do so would
> > require rearchitecting a very significant amount of the Windows NT 4.0
> > operating system, and not just the RPC component affected. The product of
> > such a rearchitecture effort would be sufficiently incompatible with Windows
> > NT 4.0 that there would be no assurance that applications designed to run on
> > Windows NT 4.0 would continue to operate on the patched system.
> >
> > Microsoft strongly recommends that customers still using Windows NT 4.0
> > protect those systems by placing them behind a firewall which is filtering
> > traffic on Port 135. Such a firewall will block attacks attempting to
> > exploit this vulnerability, as discussed in the workarounds section below.
> >
> > Will Microsoft issue a patch for Windows NT 4.0 sometime in the future?
> >
> > Microsoft has extensively investigated an engineering solution for NT 4.0
> > and found that the Windows NT 4.0 architecture will not support a fix to
> > this issue, now or in the future.
> >
> > What's the scope of this vulnerability?
> >
> > This is a denial of service vulnerability. An attacker who successfully
> > exploited this vulnerability could cause a remote computer to fail. However,
> > the attacker could not modify or retrieve data or execute code of his or her
> > choice on the remote machine.
> >
> > To carry out such an attack, an attacker would require the ability to make a
> > TCP/IP connection to the Endpoint Mapper running on the target machine. Once
> > a TCP connection had been made, the attacker could send a malformed message
> > to the RPC service and thereby cause the target machine to fail.
> >
> > The best defense against remote RPC attacks from the Internet is to
> > configure the firewall to block port 135. RPC over TCP is not intended to be
> > used across hostile environments such as the Internet
> >
> >
>
>
--- BBBS/NT v4.01 Flag-4
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/1.45)
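
One way to confirm that the port 135 filtering recommended in the quoted bulletin is actually in effect, run from a machine outside the firewall against your own NT 4.0 hosts. This is an added example, not part of the original thread or of Microsoft's bulletin; the function names `probe` and `exposed_hosts` are hypothetical.

```python
import socket
import sys

EPMAP_PORT = 135  # RPC Endpoint Mapper port the bulletin says to filter


def probe(host, port=EPMAP_PORT, timeout=2.0):
    """Classify one TCP connect attempt as open, closed, filtered or error."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"        # handshake completed: the port is reachable
    except ConnectionRefusedError:
        return "closed"      # host answered with RST: nothing listening
    except socket.gaierror:
        return "error"       # name did not resolve; says nothing about filtering
    except OSError:
        return "filtered"    # timeout or unreachable: consistent with a dropping firewall
    finally:
        sock.close()


def exposed_hosts(hosts, port=EPMAP_PORT, timeout=2.0):
    """Return the hosts whose port accepted a connection from this vantage point."""
    return [h for h in hosts if probe(h, port, timeout) == "open"]


if __name__ == "__main__":
    # Usage: python check135.py host1 host2 ...  (run from outside the firewall)
    results = {host: probe(host) for host in sys.argv[1:]}
    for host, state in results.items():
        print(f"{host}:{EPMAP_PORT} {state}")
    # Non-zero exit if any host still accepts connections on port 135.
    sys.exit(1 if "open" in results.values() else 0)
```

A result of "filtered" only describes the path from the machine running the check, so repeat it from each network segment that should be blocked.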
SOURCE: echomail via fidonet.ozzmosis.com