RE: Exploit for Windows RPC may be in the wild!

From: Eric Appelboom (eric_at_mweb.com)
Date: 07/27/03

  • Next message: morning_wood: "Re: Exploit for Windows RPC may be in the wild!"
    Date: Sun, 27 Jul 2003 20:42:19 +0200
    To: "Compton, Rich" <RCompton@chartercom.com>, <incidents@securityfocus.com>
    
    

     
    Yes exploits have been released (source code) and win32 compilied
    binaries.
    A worm is expected soon see full-disclosure tread.

    Happy patching
    Any1 with snort sig?

    -----Original Message-----
    From: Compton, Rich [mailto:RCompton@chartercom.com]
    Sent: 25 July 2003 09:46 PM
    To: incidents@securityfocus.com

    FYI,
    ISPs are reporting a dramatic increase in traffic on TCP port 135. No
    exploit code has been captured as of yet but the increase in traffic on
    this
    port probably indicates that exploit code is being executed! Block
    ports
    135 through 139 and 445!

    More info:
    http://www.microsoft.com/technet/treeview/?url=/technet/security/bulleti
    n/MS
    03-026.asp

    -Rich Compton

    ------------------------------------------------------------------------

    ---
    ------------------------------------------------------------------------
    ----
    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------
    

  • Next message: morning_wood: "Re: Exploit for Windows RPC may be in the wild!"