Support Centre
August 15, 2003 - Response to Microsoft RPC Interface Vulnerabilities (W32 Blaster Worm)
There has been much press recently about vulnerabilities in the Microsoft RPC Interface used by the systems listed below. The vulnerabilities were first reported in the July 31/03 CERT Advisory CA-2003-19, and the August 11/03 CERT Advisory CA-2003-20 reported the first exploitation, known as the W32/Blaster worm. Other exploitations may follow; you can visit the CERT Coordination Center for current information.
Please be advised that Skyway West took steps on Tuesday, August 12 to protect its public network customers from vulnerabilities in the Microsoft RPC Interface. We did so by blocking the incoming ports listed below. (Our private network services already protect against incoming traffic.) Many of our customers have already updated their firewalls, but we are also compelled to take action due to the widespread nature and severity of the Microsoft vulnerabilities.
The blocked ports cause Windows computers to lose a large portion of their ability to communicate over the Internet using LAN tools like File Sharing. We recommend a tunneling protocol instead of using Windows File Sharing over the Internet. If you are unable to tunnel or find another alternative, please contact support to open the blocked ports specifically for you.
As a complementary service we monitor our network to identify particular computers that are either infected by the W32/Blaster worm or are actively engaged in hostile scanning of computer networks.
Systems Affected
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 Terminal Services Edition
- Microsoft Windows 2000
- Microsoft Windows XP
- Microsoft Windows Server 2003
Skyway West is blocking all incoming traffic to the following ports:
- 69/UDP
- 135/TCP
- 135/UDP
- 139/TCP
- 139/UDP
- 445/TCP
- 445/UDP
- 4444/TCP
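
The block list and the monitoring described above can be checked against flow records. The following is an added example, not Skyway West's own tooling: it marks inbound flows that the listed ports would drop and flags customer hosts that reach 135/TCP on many distinct addresses. The customer range 192.0.2.0/24, the threshold of 5, the flow record format and the sample records are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# (port, protocol) pairs copied from the block list on this page.
BLOCKED = {(69, "udp"), (135, "tcp"), (135, "udp"), (139, "tcp"),
           (139, "udp"), (445, "tcp"), (445, "udp"), (4444, "tcp")}
CUSTOMER_NET = ipaddress.ip_network("192.0.2.0/24")  # assumption: stand-in range
SCAN_THRESHOLD = 5  # assumption: distinct 135/TCP destinations before flagging

# Constructed flow records, one per line: source, destination, port, protocol.
SAMPLE_FLOWS = """
198.51.100.7 192.0.2.10 135 tcp
198.51.100.7 192.0.2.10 80 tcp
203.0.113.9 192.0.2.20 69 udp
203.0.113.9 192.0.2.20 4444 udp
192.0.2.10 192.0.2.20 445 tcp
192.0.2.40 198.51.100.1 135 tcp
192.0.2.33 198.51.100.1 135 tcp
192.0.2.33 198.51.100.2 135 tcp
192.0.2.33 198.51.100.3 135 tcp
192.0.2.33 198.51.100.4 135 tcp
192.0.2.33 198.51.100.5 135 tcp
"""

def analyse(text, threshold=SCAN_THRESHOLD):
    """Return (inbound flows the block list drops, customer hosts that look like scanners)."""
    dropped, fanout = [], defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed records
        src, dst = ipaddress.ip_address(fields[0]), ipaddress.ip_address(fields[1])
        service = (int(fields[2]), fields[3].lower())
        inbound = dst in CUSTOMER_NET and src not in CUSTOMER_NET
        if inbound and service in BLOCKED:
            dropped.append(line.strip())
        # One customer host reaching 135/TCP on many distinct addresses is
        # sweeping for the RPC service rather than talking to a known peer.
        if src in CUSTOMER_NET and service == (135, "tcp"):
            fanout[src].add(dst)
    scanners = sorted(str(h) for h, seen in fanout.items() if len(seen) >= threshold)
    return dropped, scanners

if __name__ == "__main__":
    dropped, scanners = analyse(SAMPLE_FLOWS)
    print("dropped at the border:", dropped)
    print("possible infected hosts:", scanners)
```

In the sample, the inbound 4444/UDP flow is not dropped because the list blocks only 4444/TCP, and the customer-to-customer 445/TCP flow never crosses the border filter.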
