DCOM/RPC Buffer Overflow

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - Problem with ACT email after installing security updates I hope that someone can help. I've upgraded to Windows XP Professional which was installed over Win 98. I also upgraded to ACT 6.0 which promised better email features. I couldn't get ACT to accept Outlook Express as the email program so I used the Act Email. Everything worked fine for several weeks until after I automatically installed some XP security updates. Now the ACT email program will not start-up with certain "bad" emails in the inbox. As long as there are no "bad" emails in the inbox, the program functions fine. When bad emails appear I have to manually delete them from the box with Explorer. The Outlook Express program functions fine on its own. I've tried the Act helpdesk in France with no help. They say that it has to do with the updates for Windows XP. Can anyone please help? Rudi Goldman Tag: DCOM/RPC Buffer Overflow Tag: 26827
  - 2
    - Problems With Windows Update We are trying to update a number of our servers by accessing the Windows Update Site and then asking it to "Scan for Updates". In most cases, machines check okay showing 33%, 66% e.t.c and then come up with a list of patches which are needed. However, a number of machines seem to reach 100% of the check in a matter of a few seconds, and it then says that "no updates are available at the present time". Now I know that some of these machines are not running the latest patches so somewhere along the line the check is not working correctly. Has anyone else come across this ? If so, what can I do to rectify this problem ? Thanks Mark Williams Tag: DCOM/RPC Buffer Overflow Tag: 26825
  - 3
    - not able to create socket ,coz of insufficient user rights I am developing a web server in ASP.NET. There are 2 web services in it. I have a C++ (unmanaged) Library whose functions are being called from my C# code with DLLIMPORT attribute. Problem: My C++ library has two functions. Both of them are opening sockets using Winsock. One function is opening socket like (1) sockRaw = WSASocket(AF_INET,SOCK_RAW,IPPROTO_ICMP,NULL,0 ,WSA_FLAG_OVERLAPPED); and the other function is (2) m_Socket = socket(AF_INET, SOCK_STREAM, 0); I login to my this site from different machine in same network domain(LAN). I login with my windows user ID and password of that system. I am able to login with administrative rights as well as with user rights. All the users are of the system where the webserver is running. My problem is : When I login with normal user ID password API (1) is failing, I am not able to debug this code. But it is failing. Whereas in case of administrator every thing is working fine. Or in other word I would say that WSASocket is failing in to create socket because of insufficient user rights. This is very strange for me , I don't know how it is happening so kindly help me or suggest me what I should do. IIS settings: I set my Directory security to Basic Authentication. System: I am using WINDOWS 2000 service pack 3 IIS 5.0 Dot net 2002 with Framework 1.1. Thanks in advance abhijeet Tag: DCOM/RPC Buffer Overflow Tag: 26824
  - 4
    - Unable to configure licensing on the control panel. I'm using Windows NT4 Server, i unable to configure licensing on the control panel. When i try to double click Licensing icon it promt this message "Not available in the MSDN Edition of BlackOffice" What happen before was a workstation always cant log on or cant use the share folder and message promt "Request is not accepted bt the network, Try again later". And i was found that the client was reacher the licensing quantity. So i have purchase another 10 more and still a same. And after all this happen i was found that i was unable to log on to licensing on the control panel say "Not available in the MSDN Edition of BlackOffice" Tag: DCOM/RPC Buffer Overflow Tag: 26821
  - 5
    - Secured Sockets After establishing a TCP/IP connection between two PCs (W98, WNT, W2000...), how can I easily secure it using C++ libraries ? Thanks for help. Marc. Tag: DCOM/RPC Buffer Overflow Tag: 26820
  - 6
    - Outlook Express I frequently send and receive *.jpg images in email. OE is automatically removing them from both my outgoing and incoming emails. How do I prevent this from happening. I would like to be asked permission before the attachment is removed. Do I have to change my security setting to "Internet zone" instead of "Restricted Sites Zone"? Tag: DCOM/RPC Buffer Overflow Tag: 26804
  - 7
    - Need a firewall - Using Windows Server 2000 as a workstation I am using Windows Server 2000 as a workstation. What inexpensive software firewalls run on a server? I only need to protect the single machine. Thanks Bill Zack Tag: DCOM/RPC Buffer Overflow Tag: 26800
  - 8
    - Lost Serial Number Office 2000 My computer had to be brought back to its original condition and I lost everything. Where I have my Microsoft Office 2000 disk, I don't have the case where the serial # is. I did register with Microsoft in the beginning. Would someone have info on how to obtain this serial number from the registry with Microsoft? Thanks. Pls respond to madvey1@wideopenwest.com. Tag: DCOM/RPC Buffer Overflow Tag: 26796
  - 9
    - security lock In my old version of explorer I got a lock symbol on the tool bar when I was visitibg a secure site. With my new Windows XP and explorer 6 I'm not seeing the lock, even when I visit a site that I know should be secure. Am I looking in the wrong place? Are my settings wrong? Thanks, John Tag: DCOM/RPC Buffer Overflow Tag: 26795
  - 10
    - Critical update contained a virus While downloading a crit update for exp 6, serv pak 1, Norton A-V grabbed a virus. I thought people should know. Unfortunately, I couldn't find any way to contact Microsoft about it...? Tag: DCOM/RPC Buffer Overflow Tag: 26794
  - 11
    - Critical Updates I'd like a nickel for every time I've tried to install XP service pack 1. If it's REALLY critical, you'd better make it SIMPLER! I've followed all instructions, including disabling my virus protection. After many attempts, I finally thought I had it when the installation seemed to be underway. After approximately 90 minutes into the process, guess what? The installation failed! I just don't have time for this, folks! Tag: DCOM/RPC Buffer Overflow Tag: 26793
  - 12
    - current scan by SPYBOT the following results are being displayed by SPYBOT i am concerned about being exploited by undesireables what does it mean and what should i do about it? >>>>>>>>>>>>> DSO Exploit: Data source object exploit HKEY_USERS\S-1-5-18 \Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3 >>>>>>>>>>>>> Company: Microsoft Product: Internet Explorer Threat: Security hole Company URL: http://www.microsoft.com/ Company product URL: http://www.microsoft.com/windows/ie/ Company privacy URL: http://www.microsoft.com/info/privacy.htm Description There's a security hole in IE allowing websites to execute code without asking you first. You can find more information at http://security.greymagic.com/adv/gm001-ie/ >>>>>>>>>>>>> thanks for ANY response JHFoster Tulsa, Ok Tag: DCOM/RPC Buffer Overflow Tag: 26791
  - 13
    - popups that are pains can anyone offer a solution to stop the annoying grey box popups that you have to click on forever to get rid of? they say to gop to their site and unsubscribe, yet when I do this I get page not available. I could buy their stop the popups software hpwever, that would just make them successful. does anyone want to file a class action against these idiots? i.e. endads.com,stopmessenger.com... please email an answer to twogood2b4u2@yahoo.com and post your reply at the mocrosoft.public.security Newsgroup thanks, larry let's get these guys!!!!!!!!!!!!! Tag: DCOM/RPC Buffer Overflow Tag: 26790
  - 14
    - MS03-026 Login script One last question: We have XP and W2000 client machines, does anybody have an example login script to run this update (so that it runs depending on the operating system) and will execute only one time? Dave thanks for your input, Thanks >-----Original Message----- >Mario: > >Go to URL: >http://microsoft.com/technet/treeview/default.asp? url=/technet/security/bulletin/MS03-026.asp > >There is an EXE file for each affected platform. > >You can then place the EXE in a NT Login Script and execute it with the >following switch parameters...-z -q > >-q = Install quietly >-z = Don't reboot PC. > >Dave > > >"Mario" wrote in message >news:0a1401c35b54$e377de10$a501280a@phx.gbl... >> I would like to push this update to the domain rather than >> going workstation by workstation, is there any msi and >> quick explanation how to do this. >> >> Thanks Tag: DCOM/RPC Buffer Overflow Tag: 26778
  - 15
    - SUS Server Set up I am trying to set up an SUS server. I'm having a bit of difficulty trying to get everything to wokr properly. Basically when I try and connect to our server I get a simple directory listing instead of the page I should be recieving. I read the manual and all but I can't seem to figure out what's going on. Does any one know of any quirks for in getting the page to display properly with the SUS server? I'm at my wits end. Tag: DCOM/RPC Buffer Overflow Tag: 26775
  - 16
    - More security patch problems I downloaded and attempted to install the latest Windows 2000 security patch (concerning the RPC buffer). I get two error messages when attempting to open the file. "A device attached to the system is not functioning" "Windows2000-KB823980-X86-ENU.exe is linked to missing export NTDLL.DLL:NtShutdownSystem. " I have Windows ME and have already gone the "automatic update" route using the microsoft website. The updates listed did not include this new security patch. Does anyone have a helpful tip? Tag: DCOM/RPC Buffer Overflow Tag: 26768
  - 17
    - Could I have been hacked? At my job I recieved an mysterious email from a person that has the same email address as I do? For example my email adress Jlynn@nwood.com I recieved and email from Friend@nwood.com. I am the exchange admin and I didnt not setup an account like this and there is not one on the server. How can this be? I havre microsoft exchange server 2000 and Jlynn Tag: DCOM/RPC Buffer Overflow Tag: 26755
  - 18
    - Microsoft Security Bulletin MS03-026 Hi If I am NATing to my PC through a router (NOT A FIREWALL), am I protected ? Tag: DCOM/RPC Buffer Overflow Tag: 26752
  - 19
    - Update for Hijack this Hijack this version 1.95 has been updated to version 1.96. To update, open program>config>misc. tools>check for update on line. LuckyStrike -- LS@smokedamagedfurniture.youcandriveitawaytoday.com ---------------------------------------------------------------------------- -------- Tag: DCOM/RPC Buffer Overflow Tag: 26747
  - 20
    - password protect Win 98 Is there any way to password protect Windows 98 on start- up? (and not be able to by-pass it by chosing cancel) Thanks in advance for the help. Tag: DCOM/RPC Buffer Overflow Tag: 26742
  - 21
    - Windows Update Hi Whlst doing a Windows update, as the update was downloading, noticed it was titled Security Udate, April 2, 2001. The date made me suspicious as I generally allow Windows Update to run once per week. As it is now 2003 am more than a little surprised. Anyone know whether this is a genuine update or whether there is a potential problem. Cheers Tag: DCOM/RPC Buffer Overflow Tag: 26732
  - 22
    - Limiting a user Hi everyone. I have a problem. I have an employee that likes to snoop around a lot on a work computer that's hooked up to our network. I'd like to set up her account so that when she logs on she only has access to certain files. I don't even want her to be able to open the start button. Can anyone help me? I have absolutely no clue what to do. Thank You. Sincerely, Kenny VanderVoort Tag: DCOM/RPC Buffer Overflow Tag: 26726
  - 23
    - port scanning I am in need of some help. I have xp,I sign onto to aol via dialup, my antivirus is up to date, i am running a firewall. i am constantly seeing ip scans coming from same addresses tring to access the same ports every time i sign online. Sometimes i can be online with no scan for a while, other times, they just don't stop. 210.5.22.22, 218.15.192.64, 220.112.155.77, I have tried tracing these scans and blocking and reporting the ip groups <to no avail> any ideas anyone to get to the bottom of this? Tag: DCOM/RPC Buffer Overflow Tag: 26721
  - 24
    - Hackers Attempted Attacks I have Win 2000 server and for the past few days I see bunch of logs in the event log about failure attempts to login to the system. After few attempts the accounts get locked out. I can see the name of the machine who is trying to attack me. This person is running a program for like 20 minutes everyday or so. How can I find out who that is? or how can I prevent these programs from running against my machine? Thanks Tag: DCOM/RPC Buffer Overflow Tag: 26719
  - 25
    - obscene pics Obscene images, pictures, and etc keep popping in my computer and it really irritates me seeing it while doing something. I would really appreciate it if you reply to this problem. Tag: DCOM/RPC Buffer Overflow Tag: 26714
- Next
  - 1
    - Accessing HTTPS sites l'm having problems connecting to https secure sites that use SSL. My browser is IE6 and our server is Ms Proxy Server 2. Whenever l try to access these type of sites l get an error message that says "10061 Connection Refused, An Error occured whilen trying to retrieve your URL" l have checked my internet options under advanced to see if SSL 2.0,SSL 3.0,TLS 1.0 and PCT 1.0 are all enabled and they are all enabled. l'm thinking maybe the problem is with my Proxy configuration settings. So what do l do. -- Posted via http://dbforums.com Tag: DCOM/RPC Buffer Overflow Tag: 26698
  - 2
    - THE PATCH? I was told by another newsgroup that MICROSOFT DOES NOT SEND OUT EMAILS TO MICROSOFT CUSTOMERS RE ANY UPDATING ETC. PLEASE BEWARE OF "SPAMS" "VIRUSES" ETC. IT IS BEST TO USE THE WINDOWS UPDATE THROUGH MICROSOFT WEBSITE. GOOD LUCK:) Tag: DCOM/RPC Buffer Overflow Tag: 26687
  - 3
    - oe removes access to all attachments that come w/ e-mail HI, IF SOMEONE COULD HELP? OE KEEPS REMOVING ACCESS TO ALL ATTACHMENTS THAT COME W/ MY E-MAILS. SAYS THEY,RE UNSAFE,BUT THEY'RE NOT. I'M USING MICROSOFT OUTLOOK 6. THANK YOU Tag: DCOM/RPC Buffer Overflow Tag: 26681
  - 4
    - Firewall and SYN FLOOD Hi all, I am running home network behind broadband DSL router, and a few days back I post a question on the security newsgroup about syn flooding problem and got some advice about installing Antivirus and Firewall software on my computer. Now I 've got the trial version of Norton antivirus and Kerio firewall (recommend by an MVP on the security newsgroup). The virus scan found nothing positve about adware or trojan horse or anything else on my machine. The problem I always have is that whenever I access Microsof Website for a while the SYN Flood log will appear on my broadband router's security log. This happen at the same time when I get no response back from the page I request from Microsft Website. I check the Firewall monitor and saw that there are quite a few connection made by IE to TCP and UDP ports on Microsft Site. I normally surf only a handful of site on the Internet using my second partition of WIndows 2K (not the one I use for my work). This installation have all the latest patch for Win2K and IE6 installed.The problem of unable to get the response back from Microsoft Website will last for a short while and then I can access it again. It does not seem to happen with other Website but may be because I surf Microsoft site more than others. This problem does not happen when I try it on my Redhat Linux installation using Mozilla (at the moment I am writing this message using Mozilla). Could it be possible that this problem is related to IE 6 or with security setting of syn flood protection on my broadband router. I can't remember that I have this problem when I was using IE 5.5, if this is to be the case How would I get back to IE 5.5. I also don't want to reinstall my Win2k. Could anyone provide a good suggestion on what to do and possibly explaine what may have cause such a problem? As this will be greatly aprrecited. Regards, Tag: DCOM/RPC Buffer Overflow Tag: 26671
  - 5
    - How to call GetTokenInformation in C# Hi, Does anyone know how to call the Win32 Native API GetTokenInformation() in C# language? Thanks! Tag: DCOM/RPC Buffer Overflow Tag: 26665
  - 6
    - Remote Procedure Call error? DCOMX.EXE, RPC.EXE, RPCTEST.EXE on your computer? Possible hacking. I've seen a number of people ask this question today, so I hope this is helpful to someone: FYI, the presence of the files Dcomx.exe or the other files mentioned below along with a "Remote Procedure Call" or TFTP popup message on your system are signs you may have been hacked by a tool such as Autorooter. [TFTP.EXE is a normal file that comes with many versions of Windows, but it should usually not be running on most systems.] To fix this, you need a firewall [even a free one such as www.sygate.com or www.kerio.com], to install all the latest Microsoft service packs and patches from www.windowsupdate.com, check your firewall logs to see who has hacked you, and install and run an antivirus with the latest updates that detects this thing [ www.grisoft.com is free antivirus], or submit sample files to your antivirus vendor if it does not detect this thing. I do believe there may be new variants of Autorooter that possibly have not yet been fully discovered. Unlike an automated event like a worm, this event may indicate that someone personally ran a tool against you and may have done things to your computer. You can find out if you are infected with Autorooter or something new that hasn't been discovered by going to one of the scanner sites below. If nothing is detected, that's pretty interesting, let us and your antivirus company know: http://housecall.antivirus.com [my preference] OR http://security2.norton.com Once your computer has been hacked, these are some things I might recommend doing are here: http://securityadmin.info/faq.htm#hacked http://securityadmin.info/faq.htm#re-secure http://securityadmin.info/faq.htm#harden This Trojan has been given several different names by various anti-virus companies: RPC Worm (F-Secure) Downloader-DM (McAfee) Autorooter (Panda) Worm.Win32.Autorooter (AVP) Backdoor.IRC.Cirebot (Symantec) References: http://www.europe.f-secure.com/v-descs/rpc.shtml http://vil.nai.com/vil/content/v_100524.htm http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.cirebot .html http://news.com.com/2100%2D1009%2D5059263.html http://www.microsoft.com/technet/security/bulletin/MS03-026.asp http://www.microsoft.com/security/security_bulletins/MS03-026.asp http://support.microsoft.com/?kbid=823980 Here are some signs of infection, though these do not necessarily match all the variants that might be out there: "Signs of infection: - the existence of one or more of the following files: rpc.exe rpctest.exe tftpd.exe dcomx.exe lolx.exe worm.exe Signs that a network is being attacked: - traffic on port 445 to sequential IP addresses. Signs that an attack has succeeded (allowing a remote shell and downloading of the backdoor): - port 57005 open; - an ftp [tftp] connection on port 69." I hope this helps. Let us know if you find anything interesting. Thanks to Susan Bradley for pointing this information out. Tag: DCOM/RPC Buffer Overflow Tag: 26664
  - 7
    - Applied latest fix, MS823980 I applied this fix on an NT 4.0 Domain Controller and now the domain controller is not accepting domain authentication requests, ie logon attempts. Any suggestions on a fix? Preferably not uninstall the fix. Tag: DCOM/RPC Buffer Overflow Tag: 26663
  - 8
    - Acpi.sys can anyone help? i tried to install winXP on to a new HARD drive SAMSUNG (80 GB). goes to blue screen then loads.. but stops and says acpi.sys file is corrupted or acpi.sys file is missing.. can anyone help me remedy this problem?? -- Posted via http://dbforums.com Tag: DCOM/RPC Buffer Overflow Tag: 26657
  - 9
    - MVP Security seeking RFT position While I am providing remote security and crypto consulting services via: http://pages.istar.ca/~neutron I am also seeking a regular full time position in the applications security space. Preference is a mid to large size company in Canada (currently in Ontario), but will consider relocation outside of Canada. Skills: - rapid prototyping of crypto utilities - Java/COM/.NET interop development - technical writing and documentation - digital code signing for web applications (.NET, Java etc..) - Michel Gallant Ph.D. MVP Security neutron@istar.ca Tag: DCOM/RPC Buffer Overflow Tag: 26654
  - 10
    - Svchost.exe Internet exploit I have a PC that has an unknown application installed on it that attempts to connect to a specific site (66.220.17.X) at random times, at least 1-3 times a day (usually from 12-7am) using a SVCHOST.EXE process. I have downloaded an application that monitors TCP/IP port connections and captures the task manager process info to a file. I have identified the process id attempting to make the connection via the captured log. I have also run "tlist -s pid" from the Windows Platform SDK to identify the services associated with each instance of svchost running. Unfortunately, the questionable process does not always exist at the time I analyze the capured logs so I have not been able to determing the program being executed. I have also set auditing on "scvhost.exe" to see if I can capture the activity causing this exploit. I have also gotten a Windows Performance "Trace Log" (.etl file) which I am unable to parse via "Tracefmt.exe" also from the Windows Platform SDK. Any suggestions on how to proceed to identify the rouge application ? (Thanks) i have but am unable to parse with f Tag: DCOM/RPC Buffer Overflow Tag: 26650
  - 11
    - MS03--026 strange versions I have two odd situations where I am not able to patch the computers in question. Both computers show up as vulnerable using the ISS utility. (1) Windows NT for dec alpha - I tried applying the normal WinNT patch as it said for "all versions" but it said it was the wrong version. I realize that Microsoft doesn't support this version anymore and no patches have been available for this machine for years. My question is, would special code need to be written that would run on a dec alpha computer to take advantage of this vulnerability? (2) Computer with French (Canada) version of Windows XP - The English language version of the patch says wrong version. Is there a workaround, or is this just vulnerable until a French language version is available, or is it available and I just am not looking in the right place? It's hard to navigate French language stuff when you don't know French. :) Thanks for your help! Denny Tag: DCOM/RPC Buffer Overflow Tag: 26649
  - 12
    - RPC Exploit How do I know if my administrator applied the patch for the latest RPC exploit? Thanks, lex Tag: DCOM/RPC Buffer Overflow Tag: 26644
  - 13
    - Security patch Regarding Security Bulletin MS03-026: I have downloaded from Windows Update and installed Security Update (819696). Is this the security patch referred to in Security Bulletin MS03-026? My operating system is Windows XP Home. Thanks for any help you can give me. Tag: DCOM/RPC Buffer Overflow Tag: 26643
  - 14
    - excess pop-ups Hello, I am constantly receiving unwanted pop-up messages. How can I get rid of them? I called Microsoft and they were unable to offer a solution. I sometimes receive up to 15 in one hour and I will get them even when I'm not on-line. Thanks, Mic Tag: DCOM/RPC Buffer Overflow Tag: 26640
  - 15
    - nvidious I downloaded the full XP updates package, including the huge nVidia update (May 2 2003). Right, I know I'm stupid, trusing Microsoft, but I had heard about these new security problems ... ... So, first MS insisted I needed to upgrade my IE browser, even though I have 6.0. Finally got through to the page where they scan my machine to see how they can do the maximum amount of damage. The download was slow, even though I am using a cable modem, but I was doing other things, so I didn't care. Of course, it being via IE, it wouldn't tell me the download speed. The installation took an hour or so. Every ten minutes I would check to see if anything was happening, and the little bar had crept along a bit more, so I knew something was happening. Finally done -- restarted machine. Now have beautiful 4- color 640x480 17" LCD screen. Can't change the ettings. I can just see those MS people chortling: "Boy, I wish I could see this guy when he finds out our download update trashed his video settings and won't let him change them." Does anyone know anything about this? I'm sure I'll figure it out, but _why_ would MS send an update that makes things worse? Why should I have to try to find my drivers CDs, try to figure out whether it is an nVidia or Viewsonic problem, or XP problem, or an act of a vengeful god, or ... ...? I'm sure there must be a way to find out more about the nVidia download, but of course MS doesn't want to let me simply look at a list of downloads; I'm supposed to go through the process of having it check my machine for needed updates, which of course tells me I don't need any, and so I can't even find out what they did to me without digging into the web site (or maybe they won't let me do that either). Has anyone else had this problem? Anyone switch to Macs because of problems like this? I'm going to put Win98SE on my laptop so I can get some work done, and then play with my nice powerful desktop XP machine when I have more time to waste. Tag: DCOM/RPC Buffer Overflow Tag: 26629
  - 16
    - security Why do I need this security? My sister tried microsoft updates and it messed up her computer. Tag: DCOM/RPC Buffer Overflow Tag: 26622
  - 17
    - Security Update What is the security update about? Will this hose a persons computer like some of the updates do? I have a customer with questions on it and I don't want to recommend she update and then have her computer mess up. Tag: DCOM/RPC Buffer Overflow Tag: 26621
  - 18
    - security update Why do Tag: DCOM/RPC Buffer Overflow Tag: 26620
  - 19
    - 821557: Security Update (Windows XP) I'm not sure why, but when I install this update 821557: Security Update (Windows XP), I have problems with Outlook 2002 and Windows Explorer. Basically, when running Outlook 2002, it freezes when trying to send or even create a new message. When trying to open a Windows Explorer window (windows key + E), it freezes Windows. Luckily, I was able to figure out that this was the culprit and remove it. Is there going to be a fix for this? Thanks. Bill Tag: DCOM/RPC Buffer Overflow Tag: 26618
  - 20
    - Possible Scam I believe the following to be a scam attempting to lure MS customers to an unknown website to what purpose can only be conjectured by the following e-mail I received at my Yahoo e-mail: From Microsoft Mon Aug 4 08:01:01 2003 X-Apparently-To: chparsons@yahoo.com via 216.136.130.58; 04 Aug 2003 08:05:45 -0700 (PDT) Return-Path: <windowssecurity@email.microsoft.com> Received: from 209.11.164.116 (EHLO mh.microsoft.m0.net) (209.11.164.116) by mta145.mail.scd.yahoo.com with SMTP; 04 Aug 2003 08:05:45 -0700 (PDT) Received: from [209.11.138.130] by 10.203.1.116 (mh.microsoft.m0.net) with SMTP; 04 Aug 2003 08:29:21 +0000 Message-ID: <9706864959.1060009261235@m0.net> Date: Mon, 4 Aug 2003 08:01:01 -0700 (PDT) From: "Microsoft" <windowssecurity@email.microsoft.com> | This is spam | Add to Address Book Reply-to: windowssecurity@email.microsoft.com To: CHPARSONS@yahoo.com Subject: Security Update for Microsoft Windows Errors-to: windowssecurity@email.microsoft.com Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--- =_NEXT_f6cd79b8ae" X-cid: 9706864959 X-pid: 228387 Content-Length: 1738 *** PLEASE NOTE: Due to the critical importance of this message, this communication is being sent to all of our Microsoft customers to alert you of this Security Bulletin. *** It has been widely reported in the press and on Microsoft's own web site, that on July 16th we released a critical security bulletin (MS03-026) and a patch regarding a vulnerability in the Windows operating system. We wanted to make sure that if you were not aware of this bulletin and corresponding patch that you take a moment to go to http://www.microsoft.com/security/ security_bulletins/ ms03-026.asp to find out if you are running an affected version of the Windows operating system and get the specific information as to what you need to do to apply this patch if you have not already. Although we encourage you to pay attention to all security bulletins and to deploy patches in a timely manner we wanted to call special attention to this particular instance as we have become aware of some activity on the internet that we believe increases the likelihood of the exploitation of this vulnerability. Specifically, code has been published on several web sites that would allow someone to spread a worm/virus that takes advantage of the vulnerability in question thereby impacting your computing environment. Although it is our goal to produce the most secure and dependable products possible, we do become aware of these types of vulnerabilities. In order to minimize the risks of such vulnerabilities to your computing environment, we encourage you to subscribe to the Windows Update service by going to http://www.windowsupdate.com and also subscribe to Microsoft's security notification service at http://register.microsoft.com/ subscription/subscribeme.asp?ID=135 if you have not already. By subscribing to these two services you will automatically receive information on the latest software updates and the latest security notifications thereby improving the likelihood that your computing environment will be safe from worms and viruses that occur. We apologize for any inconvenience the implementation of this patch might cause and appreciate you taking the time to update your system. Thank you, Microsoft Corporation Tag: DCOM/RPC Buffer Overflow Tag: 26615
  - 21
    - What is spoofing? I would like to know what exactly is "Spoofing"? I have found out that someone has been sending Emails from from my computer and I don't know what is going on or who is doing it. No one else has access to my computer, so am I being hacked and how is this possible? Please help, Bob marisroger@aol.com Tag: DCOM/RPC Buffer Overflow Tag: 26606
  - 22
    - Security Downloads Ever since I downloaded the latest security alerts, my computer is running extremely slow. Any thoughts? Tag: DCOM/RPC Buffer Overflow Tag: 26594
  - 23
    - Patch works too well Since I downloaded the patch, Outlook Express is killing all .pdf attachments on inbound emails. I need them. How can I fix this? Regards Shane. Tag: DCOM/RPC Buffer Overflow Tag: 26590
  - 24
    - Backdoor Trojan Virus I have a backdoor virus in my svhost file and cannot delete it. Do you have any suggestions. Norton cannot help. The file is protected from me getting into it. -- Posted via http://dbforums.com Tag: DCOM/RPC Buffer Overflow Tag: 26575
  - 25
    - Is this email the real thing? I received this today? Please tell me what you think. The email came from: Microsoft <windowssecurity@email.microsoft.com> I also left the URLs of the links in parentheses. Thanks. <Original message> *** PLEASE NOTE: Due to the critical importance of this message, this communication is being sent to all of our Microsoft customers to alert you of this Security Bulletin. *** It has been widely reported in the press and on Microsoft's own web site, that on July 16th we released a critical security bulletin (MS03-026) and a patch regarding a vulnerability in the Windows operating system. We wanted to make sure that if you were not aware of this bulletin and corresponding patch that you take a moment to go to http://www.microsoft.com/security/ security_bulletins/ ms03-026.asp (http://64.4.10.250/cgi- bin/linkrd?_lang=EN&lah=adcbee7de751ca178e0641cfaa207877) to find out if you are running an affected version of the Windows operating system and get the specific information as to what you need to do to apply this patch if you have not already. Although we encourage you to pay attention to all security bulletins and to deploy patches in a timely manner we wanted to call special attention to this particular instance as we have become aware of some activity on the internet that we believe increases the likelihood of the exploitation of this vulnerability. Specifically, code has been published on several web sites that would allow someone to spread a worm/virus that takes advantage of the vulnerability in question thereby impacting your computing environment. Although it is our goal to produce the most secure and dependable products possible, we do become aware of these types of vulnerabilities. In order to minimize the risks of such vulnerabilities to your computing environment, we encourage you to subscribe to the Windows Update service by going to http://www.windowsupdate.com (http://64.4.10.250/cgi-bin/linkrd? _lang=EN&lah=d873c4a9c60563f0043496b4b7c948af) and also subscribe to Microsoft's security notification service at http://register.microsoft.com/subscription/subscribeme.asp ?ID=135 (http://64.4.10.250/cgi-bin/linkrd? _lang=EN&lah=60fdf64d3858871520d0b6b2580f65c9) if you have not already. By subscribing to these two services you will automatically receive information on the latest software updates and the latest security notifications thereby improving the likelihood that your computing environment will be safe from worms and viruses that occur. We apologize for any inconvenience the implementation of this patch might cause and appreciate you taking the time to update your system. Thank you, Microsoft Corporation Tag: DCOM/RPC Buffer Overflow Tag: 26574

If we do not have RPC as an installed protocol in the
network properties are we still vulnerable to attacks?

Re: DCOM/RPC Buffer Overflow by Karl

Karl
Thu Aug 07 09:41:46 CDT 2003

"Jeff COM>" <ADAMSON_JEFFREY_NL@LILLY> wrote in message
news:04b301c35ce8$5085a610$a001280a@phx.gbl...
> If we do not have RPC as an installed protocol in the
> network properties are we still vulnerable to attacks?

Yes. 1) it wouldn't appear there, 2) it's probably enabled on your
computer, 3) disabling just RPC does nothing to help you against other
attacks on Netbios ports such as TCP and UDP 135 -139 and 445. There are
free firewalls you might consider, such as www.sygate.com and www.kerio.com
in addition to installing the patch. PS you don't just need one patch, you
need them all. Just go to www.windowsupdate.com to get them all, I can't
think of a good reason not to install the patches when it's that easy. Way
way easier than trying to disable RPC yourself.

Top