microsoft: rpc ports are secure

Yes, that's right. Forget all the patches for RPC buffer overflows, there is a KB article which describes the ports used by IIS which states:

“The RPC port is directly bound to the network adapter, and can
therefore be directly accessed through Telnet. However, because RPC
ports are secure, any requests that are sent are rejected with a “Bad
Request” error message.”

Why didn't they just have it respond “Bad Request” to the buffer overflows? Maybe they didn't listen?

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s