Re: RPC DCOM vulnerability????

From: Me2 (nospam_at_nospam.com)
Date: 10/11/03 

Date: Fri, 10 Oct 2003 16:21:37 -0700

It looks like the blacks hats are talking publicly about a RPC/DCOM
vulnerability variant that MS03-039 does NOT fix. We are waiting on testing
exploits and/or active exploits to appear! Lookout for blaster II...

Is Microsoft is racing to create another patch?
Can they do it in time...
Will Microsoft let us know if they can't?

Get the popcorn...

"Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org> wrote in message
news:O$D%23wq3jDHA.2616@TK2MSFTNGP11.phx.gbl...
> A new vulnerability, or a new exploit.
>
> I've seen an exploit for the vulnerability patched by MS03-039 published.
>
> Haven't heard of a new vulnerability.
>
> Certainly not impossible, however.
>
> "DaveR" <anonymous@discussions.microsoft.com> wrote in message
> news:A07EA962-8EFC-48DD-A550-08791ED9100E@microsoft.com...
> > There was a new RPC DCOM Vulnerability discussed this morning on
> bugtraq@securityfocus.com
> >
> > Has this been confirmed or is it just a hoax??
> >
> > Thanks,
> > Dave
> >
> > Original Email below-----------
> >
> > From: 3APA3A <3APA3A@SECURITY.NNOV.RU>
> > Reply-To: 3APA3A <3APA3A@SECURITY.NNOV.RU>
> > To: bugtraq@securityfocus.com, full-disclosure@lists.netsys.com,
> NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
> > Cc: Secure@microsoft.com
> > Subject: Bad news on RPC DCOM vulnerability
> > Date: Fri, 10 Oct 2003 18:48:52 +0400
> > Dear bugtraq@securityfocus.com,
> >
> > There are few bad news on RPC DCOM vulnerability:
> >
> > 1. Universal exploit for MS03-039 exists in-the-wild, PINK FLOYD is
> > again actual.
> > 2. It was reported by exploit author (and confirmed), Windows XP SP1
> > with all security fixes installed still vulnerable to variant of the
> > same bug. Windows 2000/2003 was not tested. For a while only DoS exploit
> > exists, but code execution is probably possible. Technical details are
> > sent to Microsoft, waiting for confirmation.
> >
> > Dear ISPs. Please instruct you customers to use personal fireWALL in
> > Windows XP.
> >
> > --
> >
> >
> >
>
>

Relevant Pages

  • [Full-Disclosure] Linux kernel setsockopt MCAST_MSFILTER integer overflow proof of concept code
    ... Here is a very simple POC for this vulnerability. ... Other versions have been written but won't be released for now, waiting for ... everybody to upgrade. ... Julien TINNES ...
    (Full-Disclosure)
  • SecurityFocus Microsoft Newsletter #176
    ... MICROSOFT VULNERABILITY SUMMARY ... Microsoft Windows XP HCP URI Handler Arbitrary Command Execu... ... PHPNuke Category Parameter SQL Injection Vulnerability ... Microsoft Baseline Security Analyzer Vulnerability Identific... ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #83
    ... MICROSOFT VULNERABILITY SUMMARY ... Microsoft IIS CodeBrws.ASP Source Code Disclosure Vulnerability ... Microsoft Internet Explorer History List Script Injection ... Microsoft Windows 2000 Lanman Denial of Service Vulnerability ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #81
    ... MICROSOFT VULNERABILITY SUMMARY ... WWWIsis Remote Command Execution Vulnerability ... Windows NT 4.0 Print Spooler Security ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #336
    ... MICROSOFT VULNERABILITY SUMMARY ... Microsoft Windows Unspecified Remote Code Execution Vulnerability ... Microsoft Windows Explorer BMP Image Denial of Service Vulnerability ... An attacker could leverage this issue to have arbitrary code execute with kernel level privileges. ...
    (Focus-Microsoft)