Re: Bad news on RPC DCOM vulnerability
In-Reply-To: <1155962754.20031010184852@xxxxxxxxxxxxxxxx>
as confirmed by 3APA3A and security labs, it seems that the public exploit
*works* even if the patch MS03-039 is *installed*
This is a highly critical vulnerability - users MUST block vulnerable ports !
Regards.
K-OTik Staff /\\/ http://wwww.k-otik.com
>From: 3APA3A <3APA3A@xxxxxxxxxxxxxxxx>
>
>Dear bugtraq@xxxxxxxxxxxxxxxxx,
>
>There are few bad news on RPC DCOM vulnerability:
>
>1. Universal exploit for MS03-039 exists in-the-wild, PINK FLOYD is
>again actual.
>2. It was reported by exploit author (and confirmed), Windows XP SP1
>with all security fixes installed still vulnerable to variant of the
>same bug. Windows 2000/2003 was not tested. For a while only DoS exploit
>exists, but code execution is probably possible. Technical details are
>sent to Microsoft, waiting for confirmation.
>
>Dear ISPs. Please instruct you customers to use personal fireWALL in
>Windows XP.