[unisog] New (No kidding) RPC Vulnerability

Eric Pancer epancer at security.depaul.edu
Wed Sep 10 20:50:48 GMT 2003


On Wed, 2003-09-10 at 12:16:35 -0700, Dax proclaimed...

> http://www.microsoft.com/technet/security/bulletin/MS03-039.asp
> http://www.microsoft.com/security/security_bulletins/MS03-039.asp
> 	
> 	Sooo...good job patching for Blaster everyone...Next!

I'm getting to the point here that, when asked what the alternatives
are, I'll just point them in a couple different places.

<http://www.openbsd.org/>
<http://www.apple.com/macosx/>
<http://www.freebsd.org/>
<http://www.linux.org/>

What I'd love to see from Microsoft is a patch that binds the RPC
listeners to 127.0.0.1 only.

-- 
Eric Pancer     Computer Security Response Team     DePaul University
http://security.depaul.edu/               epancer at security.depaul.edu 
pgp: 1024D/7ACBCFF3 C022 4991 41E5 51E7 683C F765 62F7 7F8E 7ACB CFF3



More information about the unisog mailing list