Microsoft late Wednesday confirmed a denial-of-service flaw in its implementation of the RPC (Remote Procedure Call) protocol and warned users that a working exploit is already publicly available. Microsoft Corp. countered the public disclosure of the vulnerability with an advisory that clarify the scope of the impact and to provide pre-patch workaround for Windows users.

Microsoft advisory comes a few days after the proof-of-concept exploit code appeared on several security Web sites, including SecuriTeam.com, FrSIRT.com and Virus.org. Microsoft acknowledged the bug affected its Windows 2000 Service Pack 4 and Windows XP Service Pack 1 operating systems. “This vulnerability could allow an attacker to levy a denial of service attack of limited duration,” the company’s advisory warned.

Views: Full Story
Source: eWeek