[unisog] MSDDS.DLL vulnerability (Was: re: zotob and returning students, what are you going to do?)

Brian Eckman eckman at umn.edu
Fri Aug 19 18:33:48 GMT 2005


Mark Wilson wrote:
> Can someone clarify some things about this vulnerability and remediation
> measures?  According to http://isc.sans.org/ "You are only vulnerable if
> you have msdds.dll installed on your system.   The vulnerable version
> is: 7.0.9064.9112 . Later versions are not vulnerable (in particular
> 7.10.x)"
> 
> A couple of questions:
> 1. Is Windows XP SP2 vulnerable (seems like I have read it is not
> vulnerable)?  What if the vulnerable version of msdds.dll is on the XP
> box?
> 2. If the NON-vulnerable dll is installed, does the kill bit have to
> be set?

msdds.dll is not installed by *any* version of Windows. Only other
Microsoft products install it. If it's not vulnerable, I would guess
that setting the kill bit will only protect you from future bugs, and
might break stuff.

Brian
-- 
Brian Eckman
Security Analyst
OIT Security and Assurance
University of Minnesota
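
An added example, not part of the original messages: a PowerShell inventory check that finds copies of msdds.dll on fixed disks and classifies each one by the version boundary quoted from ISC above. The function names are hypothetical, and builds earlier than the quoted one are reported as Unknown because the thread does not say whether they are affected.

```powershell
# Added example, not from the original thread.
# The vulnerable build is the one given in the ISC text quoted above.
$VulnerableVersion = [version]'7.0.9064.9112'

function Get-MsddsStatus {
    # Hypothetical helper: map a file version to a status.
    param([Parameter(Mandatory)][version]$FileVersion)
    if ($FileVersion -eq $VulnerableVersion) { 'Vulnerable' }        # build named by ISC
    elseif ($FileVersion -gt $VulnerableVersion) { 'NotVulnerable' } # later builds, e.g. 7.10.x
    else { 'Unknown' }                                               # earlier builds: not covered by the thread
}

function Find-Msdds {
    # Hypothetical helper: search the given roots (default: all fixed disks)
    # for msdds.dll. Windows itself does not ship the file, so its location
    # depends on which other product installed it.
    param([string[]]$Root)
    if (-not $Root) {
        $Root = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3' |
            ForEach-Object { $_.DeviceID + '\' }
    }
    Get-ChildItem -Path $Root -Filter 'msdds.dll' -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Build the version from the numeric parts; the FileVersion string
            # can carry extra text that [version] would refuse to parse.
            $vi = $_.VersionInfo
            $v  = New-Object System.Version $vi.FileMajorPart, $vi.FileMinorPart,
                                            $vi.FileBuildPart, $vi.FilePrivatePart
            [pscustomobject]@{
                Path        = $_.FullName
                FileVersion = $v
                Status      = Get-MsddsStatus -FileVersion $v
            }
        }
}

# Constructed sample versions (not taken from real hosts) showing the three outcomes.
'7.0.9064.9112', '7.10.0.0', '7.0.9000.0' | ForEach-Object {
    '{0,-15} {1}' -f $_, (Get-MsddsStatus -FileVersion $_)
}

# Scan the local machine; an empty result means no copy of msdds.dll was found.
Find-Msdds | Format-Table -AutoSize
```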

