[32048] in bugtraq
Re: Bad news on RPC DCOM vulnerability
daemon@ATHENA.MIT.EDU (K-OTiK Security)
Sat Oct 11 14:41:35 2003
Date: 10 Oct 2003 21:51:22 -0000
Message-ID: <20031010215122.13320.qmail@sf-www2-symnsj.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: K-OTiK Security <Special-Alerts@k-otik.com>
To: bugtraq@securityfocus.com
In-Reply-To: <1155962754.20031010184852@SECURITY.NNOV.RU>
as confirmed by 3APA3A and security labs, it seems that the public exploit *works* even if the patch MS03-039 is *installed*
This is a highly critical vulnerability - users MUST block vulnerable ports !
Regards.
K-OTik Staff /\\/ http://wwww.k-otik.com
>From: 3APA3A <3APA3A@SECURITY.NNOV.RU>
>
>Dear bugtraq@securityfocus.com,
>
>There are few bad news on RPC DCOM vulnerability:
>
>1. Universal exploit for MS03-039 exists in-the-wild, PINK FLOYD is
>again actual.
>2. It was reported by exploit author (and confirmed), Windows XP SP1
>with all security fixes installed still vulnerable to variant of the
>same bug. Windows 2000/2003 was not tested. For a while only DoS exploit
>exists, but code execution is probably possible. Technical details are
>sent to Microsoft, waiting for confirmation.
>
>Dear ISPs. Please instruct you customers to use personal fireWALL in
>Windows XP.
