[Dshield] New Microsoft Windows RPC vulnerability

Guy Barnum GuyBarnum at Armscole.com
Wed Sep 17 17:58:56 GMT 2003


I decided to follow up on one of these DCOMbobulator plugs.  Has anyone else tested their client server apps against DCOMbob.exe?

The grc.com web site indicates that basically no one but hackers would use DCOM to violate your computer so everyone should just shut it off.

There is a small company by the name of Symantec which uses DCOM and the RPC server for their Winfax client server connection.  Arguably installing winfax software could still be considered a system violation...  If I found an application used as widely as Winfax, which won't work with DCOM turned off, in the first 5 minutes of testing DCOMbob.exe surely there are many more out there and it might not be a good practice to tell everyone in the whole web-world to start turning off DCOM.

I can picture IT support personnel trying to figure out why their client server app of choice isn't working on x number of systems and how they would figure out the users have read articles like this and turned off their DCOM services.

Guy

-----Original Message-----
From: Rick Leske [mailto:rick at jaray.net]
Sent: Tuesday, September 16, 2003 11:24 PM
To: General DShield Discussion List
Subject: RE: [Dshield] New Microsoft Windows RPC vulnerability


Well here's a better explanation: http://grc.com/default.htm

hth,

~Rick




More information about the list mailing list