Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [normal] Re: MS RPC remote exploit. What about DCOMbobulator?

From: opticfiber <opticfiber () topsight net>
Date: Thu, 09 Oct 2003 12:09:01 -0400
It's come to my attetion that disablinf DCOM in windows is near impossible without a regedit. Hopefully no one's already posted this to the list, if so my appologies for the redundancy. Steve Gibson from grc.com creates lots of tiny little applications to tighten up windows security. One of his latestest programs disables the DCOM service all together, no need for a patch. This might be a better option rather then just a patch, espcially for users who don't utilize this service. The tool can be found at the following URL: http://grc.com/dcom/ 

William Reyor
Http://www.topsight.net

Patrick Brauch wrote:


On Thu, 9 Oct 2003, Sudharsha Wijesinghe wrote:


According to MS there cant be any Remote exploit on MS RPC except for a
DOS attack using 139/135/445.


Where did they say so?

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-039.asp

"Impact of vulnerability: Three new vulnerabilities, the most serious of
which could enable an attacker to run arbitrary code on a user\x{2019}s
system."

cheers,



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: