deactivating DCOM

From: Bijan Kianifard (bijankianifard_at_hotmail.com)
Date: 07/21/03


Date: Sun, 20 Jul 2003 21:55:45 -0700


Hello to all,

I received this message from eEye Digital Security and I
think it is of interest to you:

Microsoft Remote Procedure Call (RPC) Vulnerability

Systems Affected
All current versions of Microsoft Windows (e.g. Windows
NT, XP, 2000) and Windows Server 2003.

Potential Impact
This critical flaw allows an attacker to gain control of
systems via TCP Port 135. The flaw is not necessarily in
RPC, rather the flaw is in the way RPC is implemented in
Windows. When exploited, a buffer overflow is created that
could allow remote attackers to run commands with the
highest system privileges.

Rating: Critical
Many networked Windows services rely on RPC in order to
communicate between machines. As a result, Microsoft ships
Windows with this service turned on by default. This means
that every Windows machine is vulnerable, unless it has
been specifically set up to not use RPC (a configuration
which may cause parts of the operating system to function
incorrectly), or unless a patch or workaround has been
applied.

Protecting Against This Vulnerability
The most effective way to protect vulnerable systems is to
apply the Hotfix released by Microsoft in Security
Bulletin MS03-026. However, there is a workaround that
will disable the flawed Windows component so that an
attack over TCP Port 135 will be ineffective. According to
the Microsoft Security Bulletin, the affected service,
known as Distributed Component Object Model (DCOM), may be
disabled with little or no impact to normal Windows
functionality. The procedure for deactivating this
component consists of only a few steps, and is outlined in
the "Frequently Asked Questions" section of the Microsoft
bulletin.

DCOM has long been regarded as a potential security hazard
in Windows, and best security practices recommend
disabling the service unless it is absolutely necessary.
For this reason, Retina® Network Security Scanner has
included an audit for well over a year that flags Windows
machines on which the DCOM service is running. The fix
information included within the audit instructs users to
disable DCOM using the same procedure outlined by
Microsoft.

I don't know how I can deactivate the DCOM service on the Windows
2000 Advanced Server platform; could somebody help me?

Thank you

Bijan
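The registry form of the DCOM workaround the quoted advisory refers to, as an added example that is not part of the original post and not eEye's or Microsoft's own text. The MS03-026 FAQ describes the same setting through the Component Services snap-in (dcomcnfg, "Enable Distributed COM on this computer"); that checkbox toggles the REG_SZ value EnableDCOM under HKLM\Software\Microsoft\Ole between "Y" and "N". The script assumes reg.exe is available (built into Windows XP and Server 2003; on Windows 2000 it ships with the Support Tools) and that it is run from an Administrator account on the machine being changed.

```batch
@echo off
rem disable_dcom.cmd -- added example, not code from the post, eEye or Microsoft.
rem Sets HKLM\Software\Microsoft\Ole\EnableDCOM to "N" (REG_SZ), the value
rem the dcomcnfg "Enable Distributed COM on this computer" box controls.
rem Assumes: reg.exe on the path (Support Tools on Windows 2000), run as
rem Administrator. The new setting takes effect only after a reboot.

setlocal
set OLEKEY=HKLM\Software\Microsoft\Ole
set OLEVALUE=EnableDCOM

echo Current DCOM setting (absent value means DCOM is enabled):
reg query "%OLEKEY%" /v %OLEVALUE%
if errorlevel 1 echo   %OLEVALUE% is not set under %OLEKEY%.

rem /t REG_SZ keeps the string type OLE expects ("Y" or "N", not a DWORD);
rem /f overwrites an existing value without prompting.
reg add "%OLEKEY%" /v %OLEVALUE% /t REG_SZ /d N /f
if errorlevel 1 (
    echo Failed to write %OLEKEY%\%OLEVALUE%. Run this from an Administrator account.
    exit /b 1
)

echo New DCOM setting:
reg query "%OLEKEY%" /v %OLEVALUE%
echo.
echo DCOM will be disabled after the next reboot.
echo To re-enable later: reg add "%OLEKEY%" /v %OLEVALUE% /t REG_SZ /d Y /f
endlocal
exit /b 0
```

Anything that makes DCOM calls to or from the host stops working once it reboots, remote WMI and some remote MMC snap-ins among them, so try this on one server before rolling it out; and as the advisory itself says, it is a workaround for machines that cannot be patched immediately, not a replacement for the MS03-026 hotfix.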


