The following cyber advisory was issued by the New York State Office of Information Technology Services and is intended for State government entities. The information may or may not be applicable to the general public and, accordingly, the State does not warrant its use for any specific purposes.

ITS ADVISORY NUMBER:
2013-075

DATE(S) ISSUED:
8/13/2013

SUBJECT:
Vulnerability in Remote Procedure Call Could Allow Remote Code Execution (MS13-062)

OVERVIEW:

A vulnerability has been discovered in the way Microsoft Windows handles a specially crafted RPC request. Remote Procedure Call (RPC) is a protocol that is used to request a service from a program that is located on another computer that is on the same network.

This vulnerability may be exploited by sending a specially crafted RPC request. Successful exploitation could result in arbitrary code execution within the context of another user. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.

SYSTEMS AFFECTED:

  • Windows XP
  • Windows Vista
  • Windows 7
  • Windows 8
  • Windows Server 2003
  • Windows Server 2008
  • Windows Server 2012
  • Windows RT

RISK:

Government:

  • Large and medium government entities: High
  • Small government entities: High

Businesses:

  • Large and medium business entities: High
  • Small business entities: High

Home users: High

DESCRIPTION:

A vulnerability has been discovered in the way Microsoft Windows handles specially crafted RPC requests. The vulnerability is caused by the way Windows handles asynchronous RPC requests. To exploit it, an attacker would send a specially crafted RPC request. Successful exploitation could result in arbitrary code execution within the context of another user. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply appropriate patches provided by Microsoft to vulnerable systems immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Implement egress and ingress filtering for RPC ports at the network perimeter and block all unsolicited inbound traffic on ports greater than 1024.

REFERENCES:

Microsoft:
https://technet.microsoft.com/en-us/security/bulletin/ms13-062

CVE:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3175