Organizations that use Microsoft Corp.'s Windows software were scrambling last week to patch vulnerable systems after the company sent word of three more critical Windows software vulnerabilities.
Marathon patching sessions, antivirus updates and expressions of frustration with the Redmond, Wash. software maker were the norm, as systems administrators rushed to protect themselves from any other Blaster-style worm that may appear and exploit the new security holes.
The critical holes were found in an interface to a Windows component called the RPCSS service and affected almost every version of Windows. The RPCSS service processes messages using the RPC (Remote Procedure Call) protocol, which software programs running on different machines use to communicate, according to Microsoft Security Bulletin MS03-039. (See http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-039.asp.)
That made the latest bulletin similar to another recent RPC vulnerability, MS03-026, which was later used by the W32.Blaster and W32.Welchia worms to infect computers worldwide.
For that reason and others, companies affected by the new vulnerabilities wasted no time in mobilizing staff to patch their Windows systems.
IT staff at the Maryland Department of the Environment immediately began deploying patches to affected servers and user workstations. The department manages about 1,200 machines in total, with Windows on almost 100 per cent of the workstations and many of its servers, according to Hank Torrance, lead networks specialist at the Department.
Unlike their colleagues in the state's Motor Vehicle Administration who had to contend with a massive Blaster outbreak, staff at the Department of Environment successfully applied the earlier Microsoft RPC patch, MS03-026, in July and were spared Blaster's wrath, Torrance said.
The department is using the same approach with the latest vulnerabilities: relying on the built-in Windows Update feature to patch desktops and Novell Inc.'s ZENworks configuration management tool to push the patch out to affected Windows servers, he said.
The Blaster worm had a profound effect on the way that technical staff at Young Electric Sign Co. (YESCO) reacted to Microsoft's announcement.
The Salt Lake City maker of custom signs and electric displays spent five days in August digging out from the Welchia (or "Nachi") worm, a Blaster derivative, which infected around 50 of the company's 650 host machines and shut down operations in two branch offices, according to Bret Anderson, network manager at YESCO.
In the past the company's reaction to patches, including the last major RPC patch, was relaxed, he said.