DCOM/RPC Vulnerabilities FAQ v4
Thanks to Russ Cooper and the people behind NTBugTraq here is the DCOM/RPC Vulnerabilities FAQ v4
It will help you disable DCOM on various OS's and also talk about the various RPC vulnerabilities.
Thanks to Russ Cooper and the people behind NTBugTraq here is the DCOM/RPC Vulnerabilities FAQ v4
It will help you disable DCOM on various OS's and also talk about the various RPC vulnerabilities.
This is from Marc Maiffret Chief Hacking Officer at eEye Digital Security
The way that Microsoft patched the new RPC Part II vulnerability actually breaks most scanning tools looking for the first flaw.http://www.eeye.com/html/Research/Tools/RPCDCOM.htmlThat is to say that if your company is using a scanning tool looking for MS03-026 and you have installed MS03-039 then your MS03-039 systems will be flagged as vulnerable, when they obviously are not.
Since we actually found the flaw we were able to update Retina and our free scanning tool to correctly identify this new vulnerability, and old, without getting false positives. Again, last time I checked ISS, Foundstone, and a couple free tools (MS's old version), will incorrectly identify systems as vulnerable to the old flaw, with this new patch installed.
Retina 4.9.126 and our free RPC scanner Version 1.1.0 have the correct checks that the rest of the scanners are going to need to "model themselves" after in order to accurately detect these RPC flaws. Again the free RPC scanner tool, with latest RPC check, can be downloaded from:
Microsoft Security Bulletin MS03-039
Buffer Overrun In RPCSS Service Could Allow Code Execution (824146)
Originally posted: September 10, 2003
Impact of vulnerability: Three new vulnerabilities, the most serious of which could enable an attacker to run arbitrary code on a user’s system.
Maximum Severity Rating: Critical
Recommendation: System administrators should apply the security patch immediately
This patch supercedes patch MS03-26 which was for the MSBlaster worm. This means you only need to install MS03-39.
You can bet their is another worm or virus on the way that will take advantage of this new exploit.
Recommendations, to get ahead and avoid another problem like MSBlaster :
Get a Firewall (Hardware, software)
Patch your MS Windows systems and keep them patched
Install Anti-virus software and keep it up to date
Make sure if you have any remote clients or customers entering into your internal network they are patched as well.
California has just passed a new privacy law that can be termed the Opt-in list instead of the familiar Opt-out that many of you have been hearing about. See the full story
Stats say that Id Theft hits 10 million Americans a year (The Register).
A staggering 27.3 million Americans have been victims of identity theft in the last five years, according to Federal Trade Commission survey out this week. In the last year alone, 9.9 million people have had their identity purloined.
I give talks on Id Theft for various service organizations maybe I should release ebook on how to avoid ID Theft on the internet?
