[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd)

To: "'Disclosure Full'" <full-disclosure@lists.netsys.com>
Subject: RE: [Full-Disclosure] ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd)
From: "Gerald Cody Bunch" <gbunch@gmx.net>
Date: Mon, 11 Aug 2003 23:56:57 -0400

For the benefit of the list, and at the risk of being repetitive.

<snip>
For one, Windows 2000 is the only platform the worm is spreading to,
</snip>

That's not quite true.
https://tms.symantec.com/members/AnalystReports/030811-Alert-DCOMworm.pd
f

According to Symantec you have about an 80/20% (xp/2k) chance that
offset will be used. Though, you are right in pointing out that Server
2k3 is vulnerable as well.

 Thanks,

 Gerald Cody Bunch
 gbunch@gmx.net


-----Original Message-----
From: full-disclosure-admin@lists.netsys.com
[mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Matthew
Murphy
Sent: Monday, August 11, 2003 10:04 PM
To: Full Disclosure
Subject: Re: [Full-Disclosure] ISS Security Brief: "MS Blast" MSRPC DCOM
Worm Propagation (fwd)


> I don't know if this covers what's already been said about DCOM
> worms...
>
[snip]
> > Impact:
> >
> > Any vulnerable desktop or server connected to the Internet may be
> > vulnerable to attack. All Windows 2000, Windows XP and Windows NT 
> > 4.0 computers that have not been patched are vulnerable to attack 
> > from the automated worm, or manual attack. X-Force believes that 
> > hundreds of thousands of computers may still be vulnerable. 
> > Unsuccessful propagation attempts may crash vulnerable computers, or

> > render them unstable. Successful worm outbreaks have been known to 
> > cause significant localized network latency, and widespread denial 
> > of service.
[snip]

This is not accurate.  For one, Windows 2000 is the only platform the
worm is spreading to, and for two, Windows Server 2003 is also impacted.
As it is no longer a trial OS, I would have expected to see it in ISS'
listing as well.  Minor, but worth noting, no less.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: Re: [Full-Disclosure] DCOM Worm?
Next by Date: Re: [Full-Disclosure] Windows RPC/DCOM - MSBlast Worm
Prev by thread: Re: [Full-Disclosure] ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd)
Next by thread: RE: [Full-Disclosure] ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd)
Index(es):
- Date
- Thread