[unisog] New (No kidding) RPC Vulnerability

WENDY SHIH wshih at res.kent.edu
Thu Sep 11 14:29:21 GMT 2003

Hi, I just read the Eeye article.  I don't think this patch fix the
previous vulnerability ? Can someone confirm it ?
    Note: This vulnerability differs from the vulnerability publicized in Microsoft        
    Bulletin MS03-026 (http://www.microsoft.com/technet/security/bulletin/MS03-026.asp).   
    This is a new vulnerability, and a different patch that must be installed.             

                      Gary Flynn                                                                            
                      <flynngn at jmu.edu>        To:                                                          
                                               cc:       unisog at sans.org                                    
                      2003/09/10 04:58         Subject:  Re: [unisog] New (No kidding) RPC Vulnerability    

Dax wrote:

>            Sadly, I can't even come up with something quick and witty to
> say, thanks to my slack-jawed state of disbelief...
> http://www.microsoft.com/technet/security/bulletin/MS03-039.asp
> http://www.microsoft.com/security/security_bulletins/MS03-039.asp
>            Sooo...good job patching for Blaster everyone...Next!

And just to avoid confusion, it IS a new defect:

The patch fixes both the old and new defects. Doesn't look as
easy to exploit but there is a lot of attention being paid
to it. :(

Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.

More information about the unisog mailing list