Does the RPC Attack affect Win 98?

[Guest smith]

Does the RPC attack affect Win 98?

 

 

M$ Security Bulletin:

http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

 

 

The Bulletin states:

 

Customers who require custom support for older releases must

contact their Microsoft account team representative, their

Technical Account Manager, or the appropriate Microsoft partner

representative for custom support options

 

Does this mean M$ is still supporting 98 for people with

custom contracts?

 

The bulletin also states in the FAQs"

 

What systems are primarily at risk from the vulnerability?

 

While all workstations and servers are at risk regarding this

issue, systems running Microsoft Windows 2000, Windows XP, or

Windows Server 2003 are primarily at risk due to the unique

characteristics of the vulnerability and affected code path.

 

Does Win 98 share these "unique characteristics?"

 

What is the difference between "all workstations and servers"

being at risk but just some being "primarily" at risk because of

"unique characteristics."

 

Normally I do not log on and have the browser available, i.e., I

can't look at other systems on my local network. Does that leave

me safe?

[Guest 98 Guy]

Re: Does the RPC Attack affect Win 98?

 

smith wrote:

> Does the RPC attack affect Win 98?

>

> M$ Security Bulletin:

> http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

 

I would bet that the problem (which required a very rare emergency

update a couple of days ago for NT-based systems) is with the "server"

service, possibly performed by the file rpcss.exe. I would bet that

win-9x is not vulnerable to the exploit being addresses in that

bulletin.

 

Furthermore, isin't Dcom related to (or required to be installed /

running) for RPC to function on win-9x?

 

If you're connected to the internet via a NAT-router, then you won't see

any port 135 connection attempts anyways.

 

---------------

http://technet.microsoft.com/en-us/library/cc750828.aspx

 

RPC Port Closures

 

Many services by default are listening on network interfaces, including

the local loopback interface. For example, the Microsoft remote

procedure call (RPC) port mapper listens on TCP/135, UDP/135, TCP/1027,

and TCP/1028. Three of these services — the RPC client, RPC server, and

RPC end-point mapper — can be configured to close all open ports.

However, these changes must be carefully tested because they can break

functionality, not only with remote hosts, but also between local

services.

 

Microsoft Exchange and Microsoft SQL Server™ are the most commonly

deployed applications that require RPC. Additionally, RPC calls are used

during remote management of servers. The common built-in utilities that

are dependent on RPC services are:

 

DHCP Manager

DNS Administrator

WINS Manager

Performance Monitor

Event Viewer

Registry Editor

Server Manager

User Manager

----------------

[Guest PA Bear [MS MVP]]

Re: Does the RPC Attack affect Win 98?

 

Support for Win98 ended in early July 2006. Is Win98 vulnerable to this

exploit? Possibly, but MS isn't going to tell you or issue a patch for any

non-supported OSS.

 

Many but certainly not all AV apps can detect the exploit addressed by

MS08-067:

http://www.virustotal.com/analisis/44ab3e26f3942dce07f4df341ab3515a

 

If you're behind a firewall *and* file/printer sharing is disabled, you

should be OK.

--

~Robear Dyer (PA Bear)

MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002

AumHa VSOP & Admin http://aumha.net

DTS-L http://dts-l.net/

 

smith wrote:

> Does the RPC attack affect Win 98?

>

>

> M$ Security Bulletin:

> http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

>

>

> The Bulletin states:

>

> Customers who require custom support for older releases must

> contact their Microsoft account team representative, their

> Technical Account Manager, or the appropriate Microsoft partner

> representative for custom support options

>

> Does this mean M$ is still supporting 98 for people with

> custom contracts?

>

> The bulletin also states in the FAQs"

>

> What systems are primarily at risk from the vulnerability?

>

> While all workstations and servers are at risk regarding this

> issue, systems running Microsoft Windows 2000, Windows XP, or

> Windows Server 2003 are primarily at risk due to the unique

> characteristics of the vulnerability and affected code path.

>

> Does Win 98 share these "unique characteristics?"

>

> What is the difference between "all workstations and servers"

> being at risk but just some being "primarily" at risk because of

> "unique characteristics."

>

> Normally I do not log on and have the browser available, i.e., I

> can't look at other systems on my local network. Does that leave

> me safe?

[Guest 98 Guy]

Re: Does the RPC Attack affect Win 98?

 

"PA Bear [MS MVP]" wrote:

> If you're behind a firewall *and* file/printer sharing is disabled,

> you should be OK.

 

Even with file/print sharing enabled, how would an RPC packet get past a

firewall (ie - NAT router) ?

[Guest Dan]

RE: Does the RPC Attack affect Win 98?

 

I would be surprised if remote procedure call (rpc) affects Windows 98 since

that is one of the great things that I enjoy about Windows 98 is that it does

not have the ability to allow another os to easily connect to Windows 98 like

Windows XP has. In Windows XP, Microsoft can use Easy Assist in order to

remotely try and work on your system from their end. I have not seen this

procedure ever used in Windows 98.

 

The thing is that with less there is more in some cases especially with

their being less services in Windows 98 compared to Windows XP and this has

the affect of their being less attack vectors to compromise a user's system.

If you put an unpatched XP system on the 'Net and an unpatched 98 system on

the 'Net I would be surprised if the 98 system was compromised before the XP

system. I found this by researching with Google and it appears RPC is not a

component of Windows 98.

 

http://www.microsoft.com/technet/security/Bulletin/MS04-012.mspx

 

Sometimes, it seems you go backwards with progress because RPC according to

this Microsoft bulletin does not affect Windows NT or Windows 98 but

certainly affects Windows 2000, Windows XP and Windows Server 2003. Long

Live Windows 98.

 

"smith" wrote:

> Does the RPC attack affect Win 98?

>

>

> M$ Security Bulletin:

> http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

>

>

> The Bulletin states:

>

> Customers who require custom support for older releases must

> contact their Microsoft account team representative, their

> Technical Account Manager, or the appropriate Microsoft partner

> representative for custom support options

>

> Does this mean M$ is still supporting 98 for people with

> custom contracts?

>

> The bulletin also states in the FAQs"

>

> What systems are primarily at risk from the vulnerability?

>

> While all workstations and servers are at risk regarding this

> issue, systems running Microsoft Windows 2000, Windows XP, or

> Windows Server 2003 are primarily at risk due to the unique

> characteristics of the vulnerability and affected code path.

>

> Does Win 98 share these "unique characteristics?"

>

> What is the difference between "all workstations and servers"

> being at risk but just some being "primarily" at risk because of

> "unique characteristics."

>

> Normally I do not log on and have the browser available, i.e., I

> can't look at other systems on my local network. Does that leave

> me safe?

>

>

>