September 11, 2003
Products Affected
| Product |
|---|
| BBSM 5.x and Hotspot 1.x |
Problem Description
It is believed that existing code, including the exploit implemented by W32.Blaster.Worm, which targets the vulnerability in the Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) subsystem described in Microsoft security bulletin MS03-026, can easily be modified to successfully exploit one of the vulnerabilities listed in MS03-039. The MS03-039 patch supersedes MS03-026.
Background
MS03-039 fixes a potential RPC and DCOM exploit that affects all Building Broadband Service Manager (BBSM) products and can safely be applied regardless of service pack or BBSM patch revision history.
Problem Symptoms
Unknown at this time.
Workaround/Solution
Install MS03-039 from the Microsoft website.
Block RPC interface ports at your firewall. Port 135 is used to initiate an RPC connection with a remote computer. In addition, there are other RPC interface ports that could be used by an attacker to remotely exploit this vulnerability. Blocking the following ports at the firewall will help prevent systems behind that firewall from being attacked by attempts to exploit this vulnerability:
- TCP/UDP Port 135
- TCP/UDP Port 139
- TCP/UDP Port 445
In addition, customers may have configured services or protocols that use RPC that might also be accessible from the Internet. Systems administrators are strongly encouraged to examine RPC ports that are exposed to the Internet and to either block these ports at their firewall, or apply the patch immediately.
For More Information
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
