Re: deactivating DCOM

From: Susan Bradley, CPA aka Ebitz SBS Rocks [MVP] (sbradcpa_at_pacbell.net)
Date: 07/21/03


Date: Sun, 20 Jul 2003 22:09:31 -0700


Why not just patch the system?

But the info is here:
Port Authority, for Internet Port 135:
http://nanoprobe.grc.com/port_135.htm

Bijan Kianifard wrote:

> Hello to all,
>
> I received this message from eEye Digital Security and I
> think it is interesting to you:
>
> Microsoft Remote Procedure Call (RPC) Vulnerability
>
> Systems Affected
> All current versions of Microsoft Windows (e.g. Windows
> NT, XP, 2000) and Windows Server 2003.
>
> Potential Impact
> This critical flaw allows an attacker to gain control of
> systems via TCP Port 135. The flaw is not necessarily in
> RPC, rather the flaw is in the way RPC is implemented in
> Windows. When exploited, a buffer overflow is created that
> could allow remote attackers to run commands with the
> highest system privileges.
>
> Rating: Critical
> Many networked Windows services rely on RPC in order to
> communicate between machines. As a result, Microsoft ships
> Windows with this service turned on by default. This means
> that every Windows machine is vulnerable, unless it has
> been specifically set up to not use RPC (a configuration
> which may cause parts of the operating system to function
> incorrectly), or unless a patch or workaround has been
> applied.
>
> Protecting Against This Vulnerability
> The most effective way to protect vulnerable systems is to
> apply the Hotfix released by Microsoft in Security
> Bulletin MS03-026. However, there is a workaround that
> will disable the flawed Windows component so that an
> attack over TCP Port 135 will be ineffective. According to
> the Microsoft Security Bulletin, the affected service,
> known as Distributed Component Object Model (DCOM), may be
> disabled with little or no impact to normal Windows
> functionality. The procedure for deactivating this
> component consists of only a few steps, and is outlined in
> the "Frequently Asked Questions" section of the Microsoft
> bulletin.
>
> DCOM has long been regarded as a potential security hazard
> in Windows, and best security practices recommend
> disabling the service unless it is absolutely necessary.
> For this reason, Retina® Network Security Scanner has
> included an audit for well over a year that flags Windows
> machines on which the DCOM service is running. The fix
> information included within the audit instructs users to
> disable DCOM using the same procedure outlined by
> Microsoft.
>
> I don't know how I can deactivate the DCOM service on the Windows
> 2000 Advanced Server platform, may somebody help me?
>
> Thank you
>
> Bijan

--
"Don't lose sight of security.  Security is a state of being, not a
state of budget.  He with the most firewalls still does not win.
Put down that honeypot and keep up to date on your patches.  Demand
better security from vendors and hold them responsible.  Use what
you have, and make sure you know how to use it properly and
effectively."
  ~ Rain Forest Puppy
http://www.wiretrip.net/rfp/txt/evolution.txt
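The deactivation procedure the advisory points to (the MS03-026 FAQ) is not spelled out anywhere in the thread, so here is an added audit/apply script; it is not part of either post. It assumes the registry value Microsoft documents for that workaround, HKLM\SOFTWARE\Microsoft\Ole\EnableDCOM, and uses PowerShell for the check rather than the regedit/dcomcnfg steps a Windows 2000 box itself would need.

```powershell
# Added example, not code from the thread. Audits and optionally applies the
# DCOM workaround the advisory refers to (MS03-026). It assumes the registry
# value Microsoft documents for that purpose: HKLM\SOFTWARE\Microsoft\Ole,
# string value EnableDCOM, "Y" = DCOM on, "N" = DCOM off; the change only
# takes effect after a reboot. The hotfix remains the real fix; this just
# removes the DCOM exposure while the patch is being scheduled.
param([switch]$Disable)   # without -Disable the script only reports

$KeyPath = 'HKLM:\SOFTWARE\Microsoft\Ole'

function Get-DcomState {
    $val = (Get-ItemProperty -Path $KeyPath -Name EnableDCOM `
                -ErrorAction SilentlyContinue).EnableDCOM
    # An absent value behaves as enabled, so report it as such.
    if ([string]::IsNullOrEmpty($val)) { 'Y (value absent, DCOM enabled)' }
    else { [string]$val }
}

function Disable-Dcom {
    # -Type String writes REG_SZ, the type this value is expected to have.
    Set-ItemProperty -Path $KeyPath -Name EnableDCOM -Value 'N' -Type String
}

$state = Get-DcomState
"EnableDCOM = $state"

if ($Disable) {
    if ($state -eq 'N') {
        'DCOM is already disabled; nothing to do.'
    } else {
        Disable-Dcom
        'EnableDCOM set to N. Reboot for the change to take effect, then re-run to verify.'
    }
}

# TCP 135 will usually still show as listening afterwards: the RPC endpoint
# mapper serves other services on it, so verify this value, not the port.
```

Run it without switches on each server first to see where DCOM is still on, then with -Disable and a reboot on the boxes that can tolerate it.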

