Educause Security Discussion mailing list archives
Re: Win98 and Worms
From: Gary Flynn <flynngn () JMU EDU>
Date: Wed, 10 Sep 2003 12:13:25 -0400
Rebecca Ramos wrote:
Hello, A few weeks ago there was a posting on this listserve in which someone mentioned that he had gotten some feedback that Win98 boxes were vulnerable to rpc exploitation. Was this ever confirmed?
I haven't heard of any. DCOM was an add-on on earlier operating systems like Windows 98. The ISS DCOM vulnerability scanner, for one, will acuse a Windows 98 computer running DCOM as being vulnerable to the DCOM defect. I haven't heard of anyone actually successfully exploiting it. In MS03-026, Microsoft said "Microsoft tested Windows Me, Windows NT 4.0, Windows NT 4.0 Terminal Services Edition, Windows 2000, Windows XP and Windows Server 2003, to assess whether they are affected by this vulnerability. Previous versions are no longer supported, and may or may not be affected by this vulnerability." I don't know if the ME DCOM/RPC code is the same as the Win98 code. Common, publically available exploit code, including that included in worms, concentrates on Windows 2000 and XP. I haven't heard of any NT or 2003 systems being compromised or infected. Might make an interesting research project. :) -- Gary Flynn Security Engineer - Technical Services James Madison University Please R.U.N.S.A.F.E. http://www.jmu.edu/computing/runsafe ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Win98 and Worms Rebecca Ramos (Sep 10)
- <Possible follow-ups>
- Re: Win98 and Worms Gary Flynn (Sep 10)