RE: [Full-Disclosure] MS03-039 has been released - critical

• Previous message: Johan Denoyer: "Re: [Full-Disclosure] Israeli boffins crack GSM code"
• In reply to: Robert Ahnemann: "RE: [Full-Disclosure] MS03-039 has been released - critical"
• Next in thread: Exibar: "Re: [Full-Disclosure] MS03-039 has been released - critical"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Robert Ahnemann" <rahnemann@affinity-mortgage.com>, <full-disclosure@lists.netsys.com>
Date: Wed, 10 Sep 2003 22:31:12 +0200

MS03-026 patched against 1 buffer overflow.
MS03-039 patches against 3 new buffer overflows.

That means there are 4 problems in all. All 4 problems occur via DCOM over
RPC. All 4 problems could be attacked in a similar fashion. All 4 problems
(as they are likely to occur in an Internet-wide attack) can be thwarted by
disabling DCOM. 2 of the 3 new problems can be turned into worms.

If you applied MS03-026, you can still be attacked via the 3 problems
patched by MS03-039.

MS03-039 corrects all 4 known DCOM/RPC problems (that's what they mean when
they say it "supercedes" MS03-026.)

If you haven't patched, and are going to patch, patch with MS03-039.

Anthony

-----Original Message-----
From: full-disclosure-admin@lists.netsys.com
[mailto:full-disclosure-admin@lists.netsys.com]On Behalf Of Robert
Ahnemann
Sent: Wednesday, September 10, 2003 20:31
To: full-disclosure@lists.netsys.com
Subject: RE: [Full-Disclosure] MS03-039 has been released - critical

I ran the test program (as linked by MS) to see if the network showed as
patched. I haven't patched any of the machines with the 039 code, but
all are patched with the 026 one (original one as of July 16th) Does
this exploit still work (as in leave a vuln) if we have patched 026?
Might be a dumb question, but I bet other people are thinking it too.

-----Original Message-----
From: Exibar [mailto:exibar@thelair.com]
Sent: Wednesday, September 10, 2003 12:42 PM
To: full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] MS03-039 has been released - critical

anyone know of a 'sploit for this one yet? Or even proof of concept
code?

----- Original Message -----
From: "Ryan, Pete" <pete.ryan@thomson.com>
To: <full-disclosure@lists.netsys.com>
Sent: Wednesday, September 10, 2003 12:23 PM
Subject: [Full-Disclosure] MS03-039 has been released - critical

>
>
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur
ity/
> bulletin/MS03-039.asp
>
> -Pete
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

• Previous message: Johan Denoyer: "Re: [Full-Disclosure] Israeli boffins crack GSM code"
• In reply to: Robert Ahnemann: "RE: [Full-Disclosure] MS03-039 has been released - critical"
• Next in thread: Exibar: "Re: [Full-Disclosure] MS03-039 has been released - critical"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]