Tick... tick... tick...
Jul. 28th, 2003 11:44 pm
Attacks using the new RPC/DCOM hole are picking up in frequency and volume. So much, one Uni says they will start pulling vulnerable systems from their net. Not COMPROMISED systems... VULNERABLE systems. I.e., "Oh, you didn't patch this week? No worry. We'll just undo your network connection RIGHT HERE [*CRUNCH*]...."
Small wonder, though. There's exploits out in source, one with a menu so you don't even have to think about the target system offset value. Heck, there's a precompiled Windows32 app version of the 'sploit. Point and drool system breakin. It's like a feeding frenzy; h4x0r r10t0Rz l00T1n.
Wonder what I'm talking about? Ok, here's an easy way to tell if your system is open to the vulnerability announced in MS03-026:
Q: Running Windows NT4, 2000, XP, or 2003?
a) No? Not vulnerable.
b) Yes? It's vulnerable...
...unless you patched recently specifically for the hole, or you're running personal firewall software (in which case, your box still has the hole, but is reasonably protected if the FW is set up correctly).
Oh, MS suggested a "workaround" -- turn off DCOM, a "workaround" that breaks Acrobat, Excel, and many other applications. "Gee, Thanks!"
Wonder what I'm talking about?
Run dcomcnfg (Start->Run->dcomcnfg)
Click "no" a couple times.
Looooook at that list of software you might break by turning off DCOM. "Gosh, great suggestion, Microsoft!"
Alternatively, unplug affected system, and bury head in sand. Hum loudly.