Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


Re: RPC DCOM exploit
.

  • To: Peter Fry <[EMAIL PROTECTED]>
  • Subject: Re: RPC DCOM exploit
  • From: Barry Fitzgerald <[EMAIL PROTECTED]>
  • Date: Mon, 04 Aug 2003 10:58:11 -0400
  • Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
  • In-reply-to: <[EMAIL PROTECTED]>
  • References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
.
 

Hmm...
I haven't seen system log corruption, yet. I'll have to keep my eye out for that.
I think that the Service Pack has a lot to do with this, or perhaps some other patch not directly related to MS03-026.
In my latest tests, I've gotten failed processes on Windows 2000 SP2 boxen but Windows 2000 SP3/4 boxen have functioned properly after the attack - with the attack only working once until a reboot occurs. 
      -Barry


Peter Fry wrote:


Is anyone else on the list seeing that at least some of their target
systems are not rebooting after executing this code?


yeah, two of our machines didn't reboot, but they did get their system
logs corrupted, so i'm thinking they did get affected to some extent. Maybe if the machines are patched it does that much but does not reboot? 








---------------------------------------------------------------------------
----------------------------------------------------------------------------
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.