Re: RPC DCOM still vulnerable even after applying patches
From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: Wed, 30 Jul 2003 11:46:52 -0400 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
1. It is confirmed that there is a RPC/DCOM DoS attack against Windows 2000 SP3 and SP4 systems which have had MS03-026 applied. This was announced by XFocus on 7/20/2003 on SecurityFocus' Bugtraq.
2. Thor Larholm confirmed it also;
"Positively confirmed on patched Windows 2000 SP4 - did not reproduce on patched XP Home.
Drag/Drop and other COM functions stop working, after a very visible svchost.exe crash.
The hdmore loopback exploit is more friendly - it gave a nice DoS on all RPC/COM services (no drag/drop) without crashing svchost. Of course, this is only with the new return addresses that are not tied to any specific servicepack.."
Russ - NTBugtraq Editor
Are You "Certifiable"? Summer's Hottest Certification Just Got HOTTER!
With a growth rate exceeding 110%, the TICSA security practitioner
certification is one of the hottest IT credentials available. And now, for
a limited time, you can save 33% off of the TICSA certification exam! To
learn more about the TICSA certification, and to register as a TICSA
candidate online, just go to