Wormable Windows RPC bug warning issued

By on
Wormable Windows RPC bug warning issued

Busy Easter ahead for administrators.

Over a million systems connected to the Internet could be vulnerable to a wormable or self-spreading vulnerability in the Windows Remote Procedure Call protocol, researchers warn.

The bug can be abused for remote code execution at high privilege levels, with no user interaction required, nor authentication.

Administrators who expose Windows computers with the Systems Management Block (SMB) file sharing protocol to the Internet should block traffic to port 445 to avoid attacks.

However, the vulnerability could still be exploited from inside firewall perimeters, security researchers warned.

A scan with the Censys.io search engine shows several thousands of potentially vulnerable systems on Australian networks.

The April set of Patch Wednesday security updates handle the flaw, which comes with a Common Vulnerabilities Scoring System version 3.1 rating of 9.8 out of 10.0.

Security vendor F-Secure head Mikko Hyppönen advised administrators to apply the patch soon, "before we see Blaster worm all over again".

The Blaster worm quickly spread throughout the world in August 2003, forcing internet providers to apply filters to drop traffic to and from ports 139 and 445 to curb the infection rate.

A privilege escalation bug, tracked with the Common Vulnerabilities and Exposures index CVE-2022-24521, is also patched this month together with several critical remote code execution flaws, some of which are currently being exploited.

The United States National Security Agency, and security vendor Crowdstrike, reported the no-user-interaction vulnerability to Microsoft.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.

Most Read Articles

Log In

  |  Forgot your password?