Vulnerability in Remote Procedure Call Could Allow Remote Code Execution (MS13-062)

ITS Advisory Number: 
2013-075
Date(s) Issued: 
Tuesday, August 13, 2013
Subject: 
Vulnerability in Remote Procedure Call Could Allow Remote Code Execution (MS13-062)
Overview: 

A vulnerability has been discovered in the way Microsoft Windows handles a specially crafted RPC request. Remote Procedure Call (RPC) is a protocol that is used to request a service from a program that is located on another computer that is on the same network.

This vulnerability may be exploited by sending a specially crafted RPC request.  Successful exploitation of this vulnerability could execute arbitrary code within the context of another user. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.

Systems Affected: 
  • Windows XP
  • Windows Vista
  • Windows 7
  • Windows 8
  • Windows Server 2003
  • Windows Server 2008
  • Windows Server 2012
  • Windows RT
RISK
GOVERNMENT
Large and medium government entities: 
High
Small government entities: 
High
BUSINESS
Large and medium business entities: 
High
Small business entities: 
High
Home Users: 
High
Description: 

A vulnerability has been discovered in the way Microsoft Windows handles a specially crafted RPC requests.  This vulnerability is caused by the way Windows handles asynchronous RPC requests.  To exploit this vulnerability an attacker would send a specially crafted RPC request.  Successful exploitation of this vulnerability could execute arbitrary code within the context of another user. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.

A vulnerability has been discovered in the way Microsoft Windows handles a specially crafted RPC requests.  This vulnerability is caused by the way Windows handles asynchronous RPC requests.  To exploit this vulnerability an attacker would send a specially crafted RPC request.  Successful exploitation of this vulnerability could execute arbitrary code within the context of another user. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.

Actions: 
  • Apply appropriate patches provided by Microsoft to vulnerable systems immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Implement egress and ingress filtering for RPC ports at the network perimeter and block all unsolicited inbound traffic on ports greater than 1024
References: 
Microsoft:
https://technet.microsoft.com/en-us/security/bulletin/ms13-062
CVE:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3175