[Dshield] New Microsoft Windows RPC vulnerability

Lane Weast lweast at leeclerk.org
Wed Sep 17 18:33:40 GMT 2003


Look into DCOMCNFG.EXE and DCOMCNFG.CHM.

My dcomcnfg lists 112 applications that support DCOM. I have used DCOMbobulator at home to un-bind DCOM from TCP/IP and haven't had any problems as of yet. DCOMCNFG.exe isn't specific, however, in saying what applications (if any) in the list will stop working if DCOM is unbound from TCP/IP.

Lane


> -----Original Message-----
> From: Guy Barnum [mailto:GuyBarnum at Armscole.com]
> Sent: Wednesday, September 17, 2003 1:59 PM
> To: General DShield Discussion List
> Subject: RE: [Dshield] New Microsoft Windows RPC vulnerability
> 
> 
> I decided to follow up on one of these DCOMbobulator plugs.  
> Has anyone else tested their client server apps against DCOMbob.exe?
> 
> The grc.com web site indicates that basically no one but 
> hackers would use DCOM to violate your computer so everyone 
> should just shut it off.
> 
> There is a small company by the name of Symantec which uses 
> DCOM and the RPC server for their Winfax client server 
> connection.  Arguably installing Winfax software could still 
> be considered a system violation...  If I found an 
> application used as widely as Winfax, which won't work with 
> DCOM turned off, in the first 5 minutes of testing 
> DCOMbob.exe, surely there are many more out there and it might 
> not be a good practice to tell everyone in the whole 
> web-world to start turning off DCOM.
> 
> I can picture IT support personnel trying to figure out why 
> their client server app of choice isn't working on x number 
> of systems and how they would figure out the users have read 
> articles like this and turned off their DCOM services.
> 
> Guy
> 
> -----Original Message-----
> From: Rick Leske [mailto:rick at jaray.net]
> Sent: Tuesday, September 16, 2003 11:24 PM
> To: General DShield Discussion List
> Subject: RE: [Dshield] New Microsoft Windows RPC vulnerability
> 
> 
> Well here's a better explanation: http://grc.com/default.htm
> 
> hth,
> 
> ~Rick
> 