[Dshield] Moving infocon to 'half yellow'
Johannes B. Ullrich
jullrich at sans.org
Fri Aug 1 21:32:43 GMT 2003
This message was converted from multipart/signed to ascii armored
-----BEGIN PGP SIGNED MESSAGE-----
Ok. We realy couldn't make up our mind ;-). The RPC DCOM issue is
serious. We are seeing it exploited, and work on refining the exploit is
in progress. While the exploit is not in such heavy use as to cause any
wide spread outages at this time, we did set the 'Infocon' up a notch to
indicate that this is your
VERY LAST CHANCE TO PATCH.
I can't stress enough, that a patch is probably the only safe thing you
can do at this point. Depending on your configuration, there are a
number of ports that can be used to exploit this vulnerability. The
exploits in circulation at this point are for the most part silent if
Do not rely on firewalls. There are numerous ways to exploit this issue.
Firewalls will help, but should not be used in lieu of patches. A virus
scanner will most likely not detect the exploit.
SANS - Internet Storm Center
PGP Key: http://isc.sans.org/jullrich.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
5qNwv0HiF53EbmyaVs9omaE-----END PGP SIGNATURE-----
More information about the list