Re: DCOM/RPC buffer overflow

From: Kent W. England [MVP] (kwe_at_mvps.org)
Date: 08/08/03


Date: Fri, 8 Aug 2003 14:26:50 -0700


Yes, the vulnerability is accessed via the RPC mechanism, so disabling DCOM
doesn't block RPC.

-- 
Kent W. England, Microsoft MVP for Windows
"Adam" <adam@msn.com> wrote in
message news:031501c35c56$48d446c0$a501280a@phx.gbl...
> I'd like to disable DCOM to fix the security flaw... But,
> by reading your reply, I assume the security flaw occurs
> in RPC and not DCOM.
>
> "DCOM provides sophisticated mechanisms for marshaling and
> unmarshaling method parameters that build on the remote
> procedure call (RPC) infrastructure defined as part of the
> distributed computing environment (DCE) standard."
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dndcom/html/msdn_dcomarch.asp
>
> A firewall won't be enough protection, unless I install it
> on each and every NT box.
>
> >-----Original Message-----
> >It's pretty hard to shut down RPC, so the best advice is to install a
> >firewall and block ports 135, 139, and 445 for both TCP and UDP.
> >
> >-- 
> >Kent W. England, Microsoft MVP for Windows
> >
> >
> >
> >"Adam" <adam@msn.com> wrote in
> >message news:006d01c35c45$52cd4930$a601280a@phx.gbl...
> >
> >> Microsoft security bulletin MS03-025
> >> (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp)
> >> states Buffer Overrun In RPC Interface Could Allow Code Execution
> >> (823980). I need to know if this buffer overrun occurs in
> >> RPC or DCOM. In other words, if DCOM is shut down will the
> >> buffer overrun be eliminated?
> >>
> >> I would just run the update, but am unable to install
> >> service pack 6 and thus unable to install the hotfix patch.

