Tips for Tech

Tech Alert Briefing for 9/11/2003

Patch Issued for Serious Windows Flaws

Microsoft released a new patch to fix what it calls a critical vulnerability in its Remote Procedure Call (RPC) service that could allow an attacker to take over a user's system and potentially launch a Denial of Service (DoS) attack.

The vulnerability is serious, and experts are predicting that virus writers will soon release a new worm to exploit unpatched systems. The vulnerabilities are similar in severity to those that produced the LovSan/Blaster worm that inundated networks worldwide with massive amounts of spam mail.

Microsoft is urging individual users and network administrators to patch their systems immediately or put workarounds in place until all patches can be applied.

Some of the workarounds include:

  • Blocking UDP ports 135, 137, 138 and 445 at the firewall;
  • Blocking TCP ports 135, 139, 445 and 593 at the firewall;
  • Disabling DCOM services;
  • Disabling RPC over HTTP, which listens on ports 80 and 443;
  • Disabling COM Internet Services
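One way to confirm the port-blocking workarounds are in place, as an added example that is not part of the original briefing or Microsoft's bulletin: this Python check reads a firewall ruleset in iptables-save format and lists which of the ports above are still not dropped. The iptables format, the FORWARD chain, the sample ruleset and the function names are assumptions; rules narrowed by address or interface are skipped.

```python
import re

# Ports from the workaround list above (80/443 are handled by disabling RPC over HTTP).
WORKAROUND_PORTS = {"udp": [135, 137, 138, 445], "tcp": [135, 139, 445, 593]}

# Constructed sample in iptables-save format (not a real device's ruleset).
SAMPLE_RULES = """\
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -p tcp -m tcp --dport 135 -j DROP
-A FORWARD -p tcp -m multiport --dports 139,445 -j DROP
-A FORWARD -p udp -m multiport --dports 135:138 -j DROP
-A FORWARD -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""

def parse_chain(text, chain="FORWARD"):
    """Return (default_policy, [(proto, [(lo, hi), ...], target), ...])."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        m = re.match(rf":{chain} (\w+)", line)
        if m:
            policy = m.group(1)  # chain default, used when no rule matches
        if not line.startswith(f"-A {chain} "):
            continue
        proto = re.search(r"-p (\w+)", line)
        ports = re.search(r"--dports? (\S+)", line)
        target = re.search(r"-j (\w+)", line)
        # Simplification (assumption): skip rules narrowed by address or interface.
        if not (proto and ports and target) or re.search(r" -[sdio] ", line):
            continue
        spans = []
        for part in ports.group(1).split(","):
            lo, _, hi = part.partition(":")  # "135:138" is a port range
            spans.append((int(lo), int(hi or lo)))
        rules.append((proto.group(1), spans, target.group(1)))
    return policy, rules

def unblocked_ports(text, chain="FORWARD"):
    """List (proto, port) pairs whose first matching rule is not DROP/REJECT."""
    policy, rules = parse_chain(text, chain)
    gaps = []
    for proto, ports in WORKAROUND_PORTS.items():
        for port in ports:
            # iptables is first-match: the earliest rule covering the port decides.
            verdict = next((t for p, spans, t in rules if p == proto
                            and any(lo <= port <= hi for lo, hi in spans)), policy)
            if verdict not in ("DROP", "REJECT"):
                gaps.append((proto, port))
    return gaps
```

Calling `unblocked_ports(SAMPLE_RULES)` on the constructed ruleset reports UDP 445 and TCP 593 as still open, the two ports the sample rules leave out.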

In addition to the patch and several workarounds, Microsoft has also released a network scanning tool to find systems that don't have the patch installed.

Read Microsoft's Security Bulletin and get the patch here.

Additional warnings from Homeland Security



First published on 09/10/2003
