Re: DCOM/RPC buffer overflow

From: Adam (adam_at_msn.com)
Date: 08/06/03 

Date: Wed, 6 Aug 2003 13:06:55 -0700

I'd like to disable DCOM to fix the security flaw... But,
by reading your reply, I assume the security flaw occurs
in RPC and not DCOM.

"DCOM provides sophisticated mechanisms for marshaling and
unmarshaling method parameters that build on the remote
procedure call (RPC) infrastructure defined as part of the
distributed computing environment (DCE) standard."
http://msdn.microsoft.com/library/default.asp?
url=/library/en-us/dndcom/html/msdn_dcomarch.asp

A firewall won't be enough protection, unless I install it
on each and every NT box.

>-----Original Message-----
>It's pretty hard to shut down RPC, so the best advice is
to install a
>firewall and block ports 135, 139, and 445 for both TCP
and UDP.
>
>--
>Kent W. England, Microsoft MVP for Windows
>
>
>
>"Adam" <adam@msn.com> wrote in
>message news:006d01c35c45$52cd4930$a601280a@phx.gbl...
>
>> Microsoft security bullentin MS03-025
>> (http://www.microsoft.com/technet/treeview/default.asp?
>> url=/technet/security/bulletin/MS03-026.asp) states
Buffer
>> Overrun In RPC Interface Could Allow Code Execution
>> (823980). I need to know if this buffer overrun occurs
in
>> RPC or DCOM. In other words, if DCOM is shutdown will
the
>> buffer overrun be eliminated?
>>
>> I would just run the update, but am unable to install
>> service pack 6 and thus unable to install the hotfix
patch.
>
>.
>

Relevant Pages

  • Re: DCOM, RPC and InstallShield problems
    ... > and dcom will not start. ... After this I proceeded to install al the ... >> drivers and here's where everything gets messed up. ... >> an XP pro I figured it wasn't really the drivers and focused on the RPC ...
    (microsoft.public.windows.mediacenter)
  • DCOM, RPC and InstallShield problems
    ... The drivers couldn't install. ... The RPC Server is unavailable. ... I get the "RPC Server is unavailable" message all over the place. ... DCOM service because InstallShield uses it for something through RPC to ...
    (microsoft.public.windows.mediacenter)
  • Re: DCOM/RPC buffer overflow
    ... > Overrun In RPC Interface Could Allow Code Execution ... if DCOM is shutdown will the ... > buffer overrun be eliminated? ... > I would just run the update, but am unable to install ...
    (microsoft.public.security)
  • Re: Single-instance within a network
    ... > I don't see how knowing that DCOM uses RPC, and RPC uses UDP, helps you ... Most anything that can be done using a RPC can be done using DCOM. ... COM is the actual object model (Component Object ... > and Automation (formerly called OLE Automation) is the term describing the ...
    (microsoft.public.vb.winapi)
  • Re: MAPI issue error message posted
    ... tcp/ip and see if this corrects the rpc link and dcom error. ... Event Source: DCOM ... Milly Staples [MVP - Outlook] ...
    (microsoft.public.outlook)