[Dshield] Security Alert: Remote Vulnerability in Internet Explorer via DCOM

Kenneth Porter shiva at sewingwitch.com
Mon Jul 8 18:21:02 GMT 2002


On Mon, 2002-07-08 at 07:20, John Sage wrote:

> Apparently Micro$oft has renamed DCE/RPC to DCOM; see:
> http://www.opengroup.org/onlinepubs/009629399/
> for DCE/RPC itself, although both of these, upon quick scan, seem
> pretty general...

I'm familiar with Sun's RPC, not DCE's, but a quick scan suggests a
similar implementation, which means the port chosen for a service is not
deterministic. I didn't find something analogous to the Sun portmapper
but I probably didn't just look hard enough. One could block that. (I'm
thinking of what one would need to block on a Windows box in a LAN
environment. For a secure Internet gateway, one of course blocks
everything not needed.)




More information about the list mailing list