Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Tenable NeWT Security Reports


  • Please log in to reply
2 replies to this topic

#1 Johnz414

Johnz414

  • Members
  • 464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Milwaukee, WI
  • Local time:08:18 AM

Posted 11 June 2005 - 07:30 PM

The following is a part of aTenable NeWT Security Report. After that is my question:

"epmap (135/tcp)


The remote host is running a version of Windows which has a flaw in
its RPC interface which may allow an attacker to execute arbitrary code
and gain SYSTEM privileges. There is at least one Worm which is
currently exploiting this vulnerability. Namely, the MsBlaster worm.


Solution: see http://www.microsoft.com/technet/security/...n/MS03-026.mspx

Risk factor : High
CVE : CAN-2003-0352
BID : 8205
Other references : IAVA:2003-A-0011", end report.


I run a clean machine. I don't ever get virus' and the like anymore haven learned the hard way why you don't want them. I run all the safety tools to guarantee this. So I don't get why I'm getting this reading on this security tool? I don't have the MsBlaster worm or anything else, yet I get this reading every time I run Tenable NeWT Security Reports . I follow the link for the Solution to check on the security update and I either get that another security update has taken care of it or most recently I've gotten an error in downloading the update. The error being: "Extraction Failed, xpsp1hfm.exe is not a valid Win 32 application." And then it stops the download.

So why does this happen? What is the "RPC interface", how would I know of a flaw in it and how would I correct the flaw? Thank you.

Sincerely,

Johnz414 :thumbsup:
John

"Genius is nothing other than pointing out the obvious",
Albert Einstein.

"I am what I am and that is all that I am, I am Popeye the Sailor Man", Popeye.

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,542 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:18 AM

Posted 15 June 2005 - 09:37 PM

Do you have all the latest windows updates? If so you should be ok. Also install a software firewall and that port wont be visible to the outside and you will be fine

#3 Johnz414

Johnz414
  • Topic Starter

  • Members
  • 464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Milwaukee, WI
  • Local time:08:18 AM

Posted 16 June 2005 - 12:13 PM

Hi Gringler,

Thanks for the response. I do have all the latest MS Updates and always make sure I have a firewall running. I figured that I didn't have to much to worry about but just want to make sure sense that report always gives the same warning. Thanks.

John :thumbsup:

Edited by Johnz414, 16 June 2005 - 12:14 PM.

John

"Genius is nothing other than pointing out the obvious",
Albert Einstein.

"I am what I am and that is all that I am, I am Popeye the Sailor Man", Popeye.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users