Re: svchost exploit on ports 80, 443 &21

From: Bluto (arf-arf_at_doubleclick.net)
Date: 04/05/04

    Date: Mon, 05 Apr 2004 06:10:25 -0400
    
    

    Alastair Smith wrote:

    > The technical details of the server are as follows: -
    >
    > Windows 2000 Small Business Server with SP4, Exchange 2000 SP3, IE6
    > sp1 and all other Microsoft critical updates.
    > McAfee Netshield.

    There are, reportedly, a number of zero-day (no notice,
    no patch) exploits in MS tools and OS being used by professional
    black hats, especially in Russia. Obviously, this is hard to
    verify. However, it's possible that there are some, and that
    your script-kiddie got one (a pro hacker wouldn't advertise,
    like yours has done) and used it on you.

    But, there's a general consensus, at least in the Windows AND
    Linux-using community that I'm part of, that anything with ActiveX
    is NOT appropriate for exposure to the Internet. And, it
    sounds like you may well have some ActiveX 'bits' showing in
    public. If so, that may well be an approach you want to reconsider.
    ActiveX was designed for convenience, not security.

    Also, web mail tools (including those running on Linux) have a
    pretty spotty security record -- you may want to see how you
    can lock down (and log) those tools further, once you are back
    up and running.

