Re: RPC DCOM still vulnerable even after applying patches

• Previous message: Microsoft Security Response Center: "MS03-029 / Q823803 and RRAS Problems [im]"
• Maybe in reply to: khan rohail: "RPC DCOM still vulnerable even after applying patches"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date:         Wed, 30 Jul 2003 11:46:52 -0400
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Summary:

1. It is confirmed that there is a RPC/DCOM DoS attack against Windows 2000 SP3 and SP4 systems which have had MS03-026 applied. This was announced by XFocus on 7/20/2003 on SecurityFocus' Bugtraq.

http://www.securityfocus.com/archive/1/329755

2. Thor Larholm confirmed it also;

"Positively confirmed on patched Windows 2000 SP4 - did not reproduce on patched XP Home.

Drag/Drop and other COM functions stop working, after a very visible svchost.exe crash.

The hdmore loopback exploit is more friendly - it gave a nice DoS on all RPC/COM services (no drag/drop) without crashing svchost. Of course, this is only with the new return addresses that are not tied to any specific servicepack.."

Cheers,
Russ - NTBugtraq Editor

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Are You "Certifiable"? Summer's Hottest Certification Just Got HOTTER!

With a growth rate exceeding 110%, the TICSA security practitioner
certification is one of the hottest IT credentials available. And now, for
a limited time, you can save 33% off of the TICSA certification exam! To
learn more about the TICSA certification, and to register as a TICSA
candidate online, just go to

http://www.trusecure.com/offer/s0100/

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

• Previous message: Microsoft Security Response Center: "MS03-029 / Q823803 and RRAS Problems [im]"
• Maybe in reply to: khan rohail: "RPC DCOM still vulnerable even after applying patches"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]