Full Disclosure mailing list archives
Why does a home computer user need DCOM?
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Wed, 10 Sep 2003 14:03:12 -0400
Hello, Yet another buffer overflow error has been found in DCOM and Microsoft has released a new patch for it today according to a security bulletin on their Web site. If I am running a Windows PC at home, why would I want DCOM turned on in the first place? What purpose does it serve? Has Microsoft needless caused security problems for XP home users by shipping XP with unneeded service turned on by default? Microsoft does provide a knowledge base article for turning off DCOM here: http://support.microsoft.com/default.aspx?scid=kb;en-us;825750 However this article uses technobabble to explain what might not work with DCOM disabled. I need the downsides of turning off DCOM to be explained in English. For example, if I disable DCOM can I still access a network printer or file server? Thanks, Richard M. Smith http://www.ComputerBytesMan.com =========================================== http://www.microsoft.com/technet/security/bulletin/MS03-039.asp What causes these vulnerabilities? The vulnerabilities result because the Windows RPCSS service does not properly check message inputs under certain circumstances. After establishing a connection, an attacker could send a specially crafted malformed RPC message to cause the underlying Distributed Component Object Model (DCOM) activation infrastructure in the RPCSS Service on the remote system to fail in such a way that arbitrary code could be executed. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Microsoft Security Bulletin MS03-039 Noel, Marcus (Sep 10)
- Re: Microsoft Security Bulletin MS03-039 Irwan Hadi (Sep 10)
- Why does a home computer user need DCOM? Richard M. Smith (Sep 10)