Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [normal] Re: MS RPC remote exploit. What about DCOMbobulator?

From: Russell Fulton <r.fulton () auckland ac nz>
Date: Fri, 10 Oct 2003 06:51:38 +1300
On Fri, 2003-10-10 at 05:09, opticfiber wrote:

It's come to my attetion that disablinf DCOM in windows is near 
impossible without a regedit. Hopefully no one's already posted this to 
the list, if so my appologies for the redundancy. Steve Gibson from 
grc.com creates lots of tiny little applications to tighten up windows 
security. One of his latestest programs disables the DCOM service all 
together, no need for a patch. This might be a better option rather then 
just a patch, espcially for users who don't utilize this service. The 
tool can be found at the following URL: http://grc.com/dcom/


Disable DCOM by all means, but also apply the patch!  I have seen
numerous cases of where services have been disable to mitigate some
security concern only to be re-enabled later (either by accident or
deliberately) leaving the machine vulnerable.

-- 
Russell Fulton, Network Security Officer, The University of Auckland,
New Zealand.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: