[unisog] MSDDS.DLL vulnerability (Was: re: zotob and returning students, what are you going to do?)

Brian Eckman eckman at umn.edu
Fri Aug 19 18:33:48 GMT 2005

Mark Wilson wrote:
> Can someone clarify some things about this vulnerability and remediation
> measures?  According to http://isc.sans.org/ "You are only vulnerable if
> you have msdds.dll installed on your system. The vulnerable version
> is: 7.0.9064.9112. Later versions are not vulnerable (in particular
> 7.10.x)"
> A couple of questions:
> 1. Is Windows XP SP2 vulnerable (seems like I have read it is not
> vulnerable)?  What if the vulnerable version of msdds.dll is on the XP
> box?
> 2. If the NON-vulnerable dll is installed, does the kill bit have to
> be set?

msdds.dll is not installed by *any* version of Windows. Only other
Microsoft products install it. If it's not vulnerable, I would guess
that setting the kill bit will only protect you from future bugs, and
might break stuff.

Brian Eckman
Security Analyst
OIT Security and Assurance
University of Minnesota
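
The check discussed in this thread, as an added example that is not part of the original messages: a PowerShell audit that finds copies of msdds.dll, compares each file version with the 7.0.9064.9112 build quoted from isc.sans.org, and reports whether a kill bit is set. The search roots are an assumption, and the CLSID is a placeholder because the thread does not give one.

```powershell
# Added example (not from the original thread). Requires PowerShell 3.0 or later.
param(
    # Assumption: the products that ship msdds.dll install under Program Files.
    [string[]]$SearchRoot = @($env:ProgramFiles, ${env:ProgramFiles(x86)}),
    # Placeholder: the thread does not give the control's CLSID; take it from the vendor advisory.
    [string]$Clsid = '{00000000-0000-0000-0000-000000000000}'
)

$Vulnerable  = [version]'7.0.9064.9112'  # version quoted from isc.sans.org in the thread
$KillBitFlag = 0x400                     # "Compatibility Flags" bit that stops IE loading a control

function Test-KillBit {
    param([string]$Clsid)
    # 32-bit IE on 64-bit Windows reads the same key under SOFTWARE\Wow6432Node.
    $key  = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
    $prop = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $false }
    return (($prop.'Compatibility Flags' -band $KillBitFlag) -ne 0)
}

function Get-MsddsVerdict {
    param([version]$Version)
    if ($Version -eq $Vulnerable) { return 'vulnerable' }
    if ($Version -gt $Vulnerable) { return 'not vulnerable (later version)' }
    # The quoted text says nothing about builds older than the listed one.
    return 'older than the listed version: check the advisory'
}

$killBit = Test-KillBit -Clsid $Clsid
$roots   = @($SearchRoot | Where-Object { $_ -and (Test-Path -LiteralPath $_) })
$found   = @(Get-ChildItem -Path $roots -Filter 'msdds.dll' -Recurse -File -ErrorAction SilentlyContinue)

if ($found.Count -eq 0) {
    Write-Output 'msdds.dll not found under the search roots.'
    return
}

foreach ($file in $found) {
    $vi = $file.VersionInfo
    # Build the version from the numeric parts; the FileVersion string can carry extra text.
    $ver = [version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
    [pscustomobject]@{
        Path       = $file.FullName
        Version    = $ver
        Verdict    = Get-MsddsVerdict -Version $ver
        KillBitSet = $killBit
    }
}
```

A host that reports `vulnerable` with `KillBitSet` false is the case the quoted questions are about; a host with no msdds.dll at all matches the point that Windows itself does not install the file.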
