[197] in Security FYI
[Security-fyi] exploit for MS03-026 RPC vulnerability
daemon@ATHENA.MIT.EDU (Linda A. LeBlanc)
Fri Jul 25 14:49:09 2003
Message-Id: <5.1.0.14.2.20030725132605.022fce80@po12.mit.edu>
Date: Fri, 25 Jul 2003 14:08:30 -0400
To: security-fyi@mit.edu, Itpartners@mit.edu, winpartners@mit.edu,
mitvirus@mit.edu
From: "Linda A. LeBlanc" <leblancl@MIT.EDU>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
cc: goguen@mit.edu
cc: infosys@mit.edu
Errors-To: security-fyi-bounces@mit.edu
If a machine is a target of the currently available exploit program
for the MS03-026 vulnerability, it will in some cases pop up a window
titled "System Shutdown" with the text:
This system is shutting down. Please save all work in progress
and log off. Any unsaved changes will be lost. This shutdown
was initiated by NT AUTHORITY\SYSTEM
Time before shutdown: 00:00:59
Message:
Windows must now restart because the Remote Procedure Call
(RPC) service terminated unexpectedly
(The machine then reboots in 59 seconds.)
This indicates an unsuccessful exploit attempt on an unpatched
machine. If customers see this message, they should most likely save
their work and then disconnect from the network, or else patch the
machine immediately after it reboots.
_______________________________________________
Security-fyi mailing list
Security-fyi@mit.edu
http://mailman.mit.edu/mailman/listinfo/security-fyi