[unisog] Windows XP Pro Reboots

Seidl, David . dseidl at purdue.edu
Tue Jul 29 15:08:49 GMT 2003

We've seen this. It is a result of the DCOM RPC exploit posted by Microsoft.

These links provide more information on the vulnerability.


Exploit demo code has been posted to Bugtraq as "DCOM RPC exploit (dcom.c)".

If you have administrative access to the machines, Eeye provides a scanner
to determine vulnerable systems, as well as more information about the
exploit code.


Finally, Xfocus.org provides a detailed look at the ASM code:


McAfee's current VirusScan update does detect part of the toolkit installed.

David Seidl
IT Security and Policy Analyst
Purdue University / ITaP Security & Policy
dseidl at purdue.edu

>-----Original Message-----
>From: Lois Lehman [mailto:LOIS.LEHMAN at asu.edu] 
>Sent: Monday, July 28, 2003 4:59 PM
>To: 'unisog at sans.org'
>Subject: [unisog] Windows XP Pro Reboots
>Has anyone at other universities seen Windows XP Pro machines 
>suddenly report that the RPC service has failed and the 
>machine will reboot in 1 minute?  We have had several on our 
>campus this afternoon and are looking for some information on 
>what might be happening.
>Please let me know if you have any information.
>Lois Lehman
>College Network Security Manager
>Physical Sciences Computer Support Manager
>College of Liberal Arts & Sciences
>Arizona State University

More information about the unisog mailing list