Re: Win98 and Worms

[Gary Flynn <flynngn () JMU EDU>]

Rebecca Ramos wrote:

> Hello,
>
> A few weeks ago there was a posting on this listserve in which someone
> mentioned that he had gotten some feedback that Win98 boxes were vulnerable
> to rpc exploitation.  Was this ever confirmed?

I haven't heard of any. DCOM was an add-on on earlier operating systems like
Windows 98. The ISS DCOM vulnerability scanner, for one, will acuse a
Windows 98 computer running DCOM as being vulnerable to the DCOM defect.
I haven't heard of anyone actually successfully exploiting it.

In MS03-026, Microsoft said "Microsoft tested Windows Me, Windows NT 4.0,
Windows NT 4.0 Terminal Services Edition, Windows 2000, Windows XP and
Windows Server 2003, to assess whether they are affected by this vulnerability.
Previous versions are no longer supported, and may or may not be affected by
this vulnerability."

I don't know if the ME DCOM/RPC code is the same as the Win98 code.

Common, publically available exploit code, including that included in
worms, concentrates on Windows 2000 and XP. I haven't heard of any
NT or 2003 systems being compromised or infected.

Might make an interesting research project. :)

--
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.