[Dshield] Moving infocon to 'half yellow'

Johannes B. Ullrich jullrich at sans.org
Fri Aug 1 21:32:43 GMT 2003


This message was converted from multipart/signed to ascii armored
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable


Ok. We realy couldn't make up our mind ;-). The RPC DCOM issue is
serious. We are seeing it exploited, and work on refining the exploit is
in progress. While the exploit is not in such heavy use as to cause any
wide spread outages at this time, we did set the 'Infocon' up a notch to
indicate that this is your

VERY LAST CHANCE TO PATCH.

I can't stress enough, that a patch is probably the only safe thing you
can do at this point. Depending on your configuration, there are a
number of ports that can be used to exploit this vulnerability. The
exploits in circulation at this point are for the most part silent if
successful. 

Do not rely on firewalls. There are numerous ways to exploit this issue.
Firewalls will help, but should not be used in lieu of patches. A virus
scanner will most likely not detect the exploit.




-- 
SANS - Internet Storm Center
http://isc.sans.org
PGP Key: http://isc.sans.org/jullrich.txt

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQA/KtxUR1p7hYJvB/wRAnmKAJwNL/yriDzWqnpbxLSXUXb5pylr0wCfXTmb
5qNwv0HiF53EbmyaVs9omaE-----END PGP SIGNATURE-----

--
SHA1



More information about the list mailing list