
Don't know how many Windows admins are out there, but in case you haven't yet heard about the new Windows RPC sploit, read below.

----- Forwarded message from Haroon Meer <haroon(a)sensepost.com> -----
    Date: Fri, 18 Jul 2003 02:48:06 +0200 (SAST)
    From: Haroon Meer <haroon(a)sensepost.com>
Reply-To: Haroon Meer <haroon(a)sensepost.com>
 Subject: Critical Vulnerability discovered in Windows Servers
      To: icepick(a)cybernett.co.za

Dear Barry Murphy,

Vulnerability in Microsoft Windows Servers.

Versions Affected : Windows XP, Windows NT4, Windows2000, Windows2003
Severity of Bug   : CRITICAL
Port / Service    : Port 135 - Microsoft RPC

A Polish security research group have found a remotely exploitable bug in Windows-based operating systems. The bug affects almost the entire Microsoft Product range from Windows NT4, to Windows2000 and even Windows2003.

The exploit uses port 135 as its attack vector with the exploitable component being Microsoft RPC. This vulnerability should be considered "Critical" since it yields "SYSTEM" privileges on the victim machine.

Microsoft have issued an advisory and a patch is available from them at the following location :
http://www.microsoft.com/security/security_bulletins/ms03-026.asp

The possible workarounds for the problem until the patch is applied are to :
[a] Firewall off access to port 135
[b] Disable DCOM on the server (Using Dcomcnfg.exe)

While no exploit code for this vulnerability is currently reported in the wild, the problem is acknowledged by Microsoft to be exploitable, meaning that Proof of Concept exploits (and possibly worms) will not be a long time coming.

Full details on the exploit can be found at http://lsd-pl.net/special.html.

Sincerely.
=======================================================
SensePost Research
research(a)sensepost.com
http://www.sensepost.com
(tel) +27 12 667 4737
=======================================================

----- End forwarded message -----