Stop the latest M$ exploit worm virus thing before it kills your machine... - X Nations
      
      
Go Back   X Nations > X Nations > General Webmaster Business and Discussions

Reply
 
Thread Tools Display Modes
Old 08-05-2003, 09:04 PM   #1
StuartD
StuartD should edit this
Sofa King Band
 
StuartD's Avatar
 
Join Date: Sep 2002
Location: Outside the box
Posts: 1,053
xBucks: 10,866
Send a message via ICQ to StuartD
Default Stop the latest M$ exploit worm virus thing before it kills your machine...

They say it's the "worst expoit in history" so read up and stop it now while you can.
What does this worm let the attacker do? "Let's attacker run code of their choice"... so ya know that's not good.

IMPACT
The recently announced Remote Procedure Call (RPC) vulnerability in computers running Microsoft Windows operating systems listed above could be exploited to allow the execution of arbitrary code or could cause a denial of service state in an unprotected computer. Because of the significant percentage of Internet-connected computers running Windows operating systems and using high speed connections (DSL or cable for example), the potential exists for a worm or virus to propagate rapidly across the Internet carrying payloads that might exploit other known vulnerabilities in switching devices, routers, or servers.

DETAILS
There is a vulnerability in the part of RPC that deals with message exchange over TCP/IP. The vulnerability results from the handling of malformed messages. This particular vulnerability affects a Distributed Component Object Model (DCOM) interface with RPC, which listens on RPC enabled ports. This interface handles DCOM object activation requests that are sent by client machines (such as Universal Naming Convention (UNC) paths) to the server. An attacker who successfully exploited this vulnerability would be able to run code with local system privileges on an affected system. The attacker would be able to take any action on the system, including installing programs, viewing changing or deleting data, or creating new accounts with full privileges.

RECOMMENDATION
Due to the seriousness of the RPC vulnerability, DHS and Microsoft encourage system administrators and computer owners to take this opportunity to update vulnerable versions of Microsoft Windows operating systems as soon as possible. Microsoft updates, workarounds, and additional information are available at http://microsoft.com/technet/treevie...n/MS03-026.asp

DHS and Microsoft further suggest that Internet Service Providers and network administrators consider blocking TCP and UDP ports 135, 139, and 445 for inbound connections unless absolutely needed for business or operational purposes.

Source Department of Homeland Security
__________________
"If you are not going to heaven, why miss it by an inch?" - Sam Kinison
StuartD is offline   Reply With Quote
Old 08-06-2003, 05:31 AM   #2
wsjb78
wsjb78 should edit this
Local Shadow Agent #1
 
wsjb78's Avatar
 
Join Date: Nov 2002
Location: Home
Posts: 1,061
xBucks: 17,497
Default Re: Stop the latest M$ exploit worm virus thing before it kills your machine...

Quote:
Originally posted by StuartD
They say it's the "worst expoit in history" so read up and stop it now while you can.
Don't they say this always?

Anyway, thx for the info Stuart. I just blocked those ports!
wsjb78 is offline   Reply With Quote
Old 08-06-2003, 02:36 PM   #3
StuartD
StuartD should edit this
Sofa King Band
 
StuartD's Avatar
 
Join Date: Sep 2002
Location: Outside the box
Posts: 1,053
xBucks: 10,866
Send a message via ICQ to StuartD
Default Re: Re: Stop the latest M$ exploit worm virus thing before it kills your machine...

Quote:
Originally posted by wsjb78
Don't they say this always?

Anyway, thx for the info Stuart. I just blocked those ports!
yeah well, the last time they said it was Code Red, and they were right... but that was only for win2k/nt servers...
this one is for xp as well, which kinda hits more at home.

Also, Code Red's only purpose was to propogate. This one will let an attacker run any command or code they want on your machine.

So on a grand scale... Code Red had more limits than this one.
__________________
"If you are not going to heaven, why miss it by an inch?" - Sam Kinison
StuartD is offline   Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Forum Jump

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
vBCredits v1.4 Copyright ©2007 - 2008, PixelFX Studios
2013 - xnations.com
All times are GMT -4. The time now is 06:42 PM.
Skin by vBCore.com