Giorgius
13-10-2003, 23.05.45
For the past few days it has been reported online that, even with the latest Microsoft patch for the RPC service (MS03-039) installed, an attack from outside can still be carried out against the following Microsoft operating systems:
From the net:
Description of Issue
--------------------
VigilantMinds has successfully validated the claims regarding the latest
Microsoft Remote Procedure Call (RPC) vulnerability. Specifically,
VigilantMinds has validated that hosts running fully patched versions of
the following Microsoft operating systems REMAIN subject to denial of
service attacks and possible remote exploitation:
* Microsoft Windows XP Professional
* Microsoft Windows XP Home
* Microsoft Windows 2000 Workstation
Although it has not been verified at this time, other versions of
Microsoft Windows are also suspected to be subject to this
vulnerability.
As with the prior RPC vulnerability (MS03-039), these attacks can occur
on TCP ports 135, 139, 445 and 593; and UDP ports 135, 137, 138 and 445.
Remediation Actions
-------------------
VigilantMinds has notified CERT/CC and informed the vendor of this
issue. As of this posting, no vendor patch is yet available.
As a temporary solution, VigilantMinds suggests that firewall rules be
placed on all affected ports for any exposed systems. All external
connectivity (including VPN) should be firewalled actively for
unnecessary incoming RPC activity.
It is recommended to urgently use Gibson's "DCOMbobulator" utility to disable the Microsoft RPC service.
Info:
http://grc.com/dcom/
Download:
Mirror: http://grc.com/files/DCOMbob.exe
Anyone who has already applied the "039" patch must also use "DCOMbobulator" to make your system secure against these attacks.
;)(Y)