Re: Alert: Microsoft Security Bulletin - MS03-039

From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 09/10/03

    Date:         Wed, 10 Sep 2003 15:47:44 -0400
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    ---------------- Original message -------------------
    From: Jeff Urmann <Jeff.Urmann@HFA-MN.ORG>
    Date: Wed, 10 Sep 2003 14:13:31 -0500

    Russ,

    Patch with what? Your message is a bit confusing. You said that MS03-39 introduces new vectors and MS03-026 is still vulnerable. Patching with either sounds like I'd still be vulnerable. What do you mean by patch now?

    --Jeff
    ---------------- Original message -------------------

    Hmm, not sure how much clearer I can say it. Let me try this;

    MS03-026 patched against 1 buffer overflow.
    MS03-039 patches against 3 new buffer overflows.

    That means there are 4 problems in all. All 4 problems occur via DCOM over RPC. All 4 problems could be attacked in a similar fashion. All 4 problems (as they are likely to occur in an Internet-wide attack) can be thwarted by disabling DCOM. 2 of the 3 new problems can be turned into worms.

    If you applied MS03-026, you can still be attacked via the 3 problems patched by MS03-039.

    If you applied MS03-026, you won't get Blaster/Nachi any more, but you could get Phantom, Bandit, Millie, Briar (my dogs' names), or whatever they call the next worm.

    MS03-039 corrects all 4 known DCOM/RPC problems (that's what they mean when they say it "supersedes" MS03-026.)

    If you haven't patched, and are going to patch, patch with MS03-039.

    If you've patched with MS03-026, and that's the reason you stopped Blaster/Nachi (as opposed to disabling DCOM), then you should patch immediately with MS03-039.

    I say immediately because I expect to see a new worm (very soon) based on either of the 2 new vulnerabilities capable of being turned into a worm.

    Cheers,
    Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
    "My thoughts are facts in my world, opinion to you. YMMV"
