Re: Microsoft latest DCOM RPC vulnerability: another failure!

From: Lanwench [MVP - Exchange] (lanwench_at_heybuddy.donotsendme.unsolicitedmail.atyahoo.com)
Date: 08/16/03 

Date: Sat, 16 Aug 2003 13:21:06 -0400

If you get a very good firewall, good AV software, and keep your computers
all patched to the gills, you should be okay. They can't get through a
properly configured firewall to access indiviual computers with this
utility.

Issac Medina wrote:
> This was sent to microsoft without success!
>
>
> London, Saturday 16-Aug-2003, 11:30am
>
> Dear Sir, Madam;
>
> Microsoft latest DCOM RPC vulnerability can hit again with
> a non relevant utility Microsoft corporation has published.
>
> Microsoft has published a network scanning utility that
> allow network administrators as well as hackers, crackers
> and other script kiddies to do the following: "The
> KB823980scan.exe tool can scan remote host computers
> without requiring authentication (that is, you do not have
> to supply valid credentials on the remote host computer).
> Use of the KB823980scan.exe tool does not affect the
> stability of the target operating system that is
> scanned.",http://support.microsoft.com/default.aspx?scid=kb;en-us;826369.
>
> By using this scanning tool we've found out that non
> authorized personnel can locate hosts that are vulnerable
> to the worm and attack them directly, eliminating the need
> of scanning entire networks.
> Since Microsoft Corporation doesn't allow our browsers
> (which are NOT Microsoft products) to access and find a way
> to communicate with their "Report a Security Vulnerability"
> web page
>
(https://www.microsoft.com/technet/treeview/default.asp?url=/Technet/securit
y/bulletin/alertus.asp)
> by e-mail, we have decided to submit our SPECIAL and urgent
> report to you immediately.
> Please feel free to contact us for more information and
> comments.
>
> Best Regards,
>
> Issac Medina
> Co-Founder
>
> Netcom Ltd.
> Core Securities Division
>
> United Kingdom
> "If there is a way in, we'll find it!"

Relevant Pages

  • Re: DHCP through ISA VPN
    ... Computers list. ... For the firewall exception issue, do you mean you have configured windows ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • Re: Active Directory Folders
    ... >> I'm certainly not going to discount a book published by Microsoft ... >> replace the computers and users containers created by default and ... Passowords can only be set in a GPO at the ... Laptops ...
    (microsoft.public.windows.server.active_directory)
  • Re: [ANN] "Dbl-Click Wont Open..." Issues
    ... A responsible citizen at Microsoft realised they would have to ... had to take two extra steps to put their computers at risk. ... It won't affect me -- I have commercial-grade security systems set up on ...
    (microsoft.public.mac.office)
  • Re: Microsoft Gadgets
    ... I'm sure that neither Bill or Steve want to pay any patent license fees to Yahoo. ... So Microsoft is being no different than Apple when it comes to copying ideas. ... If I'm not mistaken, both the Commodore Amiga and the Atari 500 had a windowed OS about the same time as the Lisa (Apple's first REAL PC with a true windowed environment.) I really liked the Lisa when it came out, but it was SO EXPENSIVE it was completely beyond my capabilities. ... The great majority thought of computers as HUGE things filling up whole buildings, with white-coated scientists or technicians operating them. ...
    (comp.sys.mac.advocacy)
  • If you are having problems with Internet Explorer or Outlook Express... READ THIS!!!!
    ... I have always been an advocate of Microsoft over the years because I think ... I'm an old guy who has enjoyed working with computers ... I then installed Mozilla Firefox and Thunderbird. ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)