RE: attempt to launch a DCOM server?

From: runifoc (runifoc_at_bellsouth.net)
Date: 08/14/03

  • Next message: Rolf Penzel: "Error Message: User Interface Failure: The Logon User Interface DLL Msgina.dll Failed to Load"
    To: <focus-ms@securityfocus.com>
    Date: Thu, 14 Aug 2003 06:32:05 -0500
    
    

    http://support.microsoft.com/default.aspx?scid=%2Fservicedesks%2Fbin%2Fkbsea
    rch.asp%3FArticle%3D303685

    http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:
    80/support/kb/articles/Q298/0/95.ASP&NoWebContent=1

    The first article claims this problem was fixed with Windows2000SP3. The
    second states that the error messages are benign and can be safely ignored.
    Apparently, it is caused by certain DCOM services starting in the wrong
    order.

    James

    -----Original Message-----
    From: Vincent Aikema [mailto:vaikema@hotmail.com]
    Sent: Wednesday, August 13, 2003 6:02 AM
    To: geoffreyshorter@hotmail.com
    Cc: focus-ms@securityfocus.com
    Subject: RE: attempt to launch a DCOM server?

    I've seen the same error that Geof reported. It appears on just one of my
    servers here...about 3 times per day. The error first appeared AFTER I
    patched the server over a week ago. In my case the "originating user" is in
    a seperate (country) network linked via a vpn with no firewall in between.

    My initial obvious conclusion was that the user installed some exploit
    utility either intentionally or unintentionally and it is being run
    automatically. However the local admin there hasn't discovered any problem
    on that user's PC, but is still pursuing it. My main concern now is what
    did it do on the server BEFORE it was patched last week. I don't see
    anything abnormal, but...

    If anyone has any info on this, I'd also like to know :-)

    Ciao,
    Vincent

    -----Original Message-----
    From: Geoffrey Shorter [mailto:geoffreyshorter@hotmail.com]
    Sent: Tuesday, August 12, 2003 9:36 PM
    To: focus-ms@securityfocus.com
    Subject: attempt to launch a DCOM server?

    One of our machines, which we know is patched against the RPC DCOM
    vulnerability, reported this at 12:16:33 this afternoon:

    System Error 10002
    Access denied attempting to launch a DCOM Server.The server is:{<bunch of
    numbers here>}The user is <servicename>/<servername>,
    SID=S-1-5-21-00000000000-000000000-0000000000-0000.

    Names and numbers changed/removed to protect the innocent, of course... :)

    Is the above an indication of someone attempting to exploit the RPC DCOM
    vulnerability?

    Anyone know?

    Thanks.
    geof

    _________________________________________________________________
    MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.
    http://join.msn.com/?page=features/virus

    ---------------------------------------------------------------------------
    Your network firewall and IDS products do not prevent Web application
    attacks - the most common form of online exploitation- resulting in Web
    defacement, data theft, sabotage and fraud.
    KaVaDo is the only company that provides a complete suite of Web
    application security products.
    Download a FREE whitepaper on "Security Policy Automation for Web
    Applications":http://www.securityfocus.com/Kavado-focus-ms
    ---------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    Your network firewall and IDS products do not prevent Web application
    attacks - the most common form of online exploitation- resulting in Web
    defacement, data theft, sabotage and fraud.
    KaVaDo is the only company that provides a complete suite of Web
    application security products.
    Download a FREE whitepaper on "Security Policy Automation for Web
    Applications":http://www.securityfocus.com/Kavado-focus-ms
    ---------------------------------------------------------------------------


  • Next message: Rolf Penzel: "Error Message: User Interface Failure: The Logon User Interface DLL Msgina.dll Failed to Load"