Full Disclosure mailing list archives
RE: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd)
From: "Gerald Cody Bunch" <gbunch () gmx net>
Date: Mon, 11 Aug 2003 23:56:57 -0400
For the benefit of the list, and at the risk of being repetitive. <snip> For one, Windows 2000 is the only platform the worm is spreading to, </snip> That's not quite true. https://tms.symantec.com/members/AnalystReports/030811-Alert-DCOMworm.pd f According to Symantec you have about an 80/20% (xp/2k) chance that offset will be used. Though, you are right in pointing out that Server 2k3 is vulnerable as well. Thanks, Gerald Cody Bunch gbunch () gmx net -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Matthew Murphy Sent: Monday, August 11, 2003 10:04 PM To: Full Disclosure Subject: Re: [Full-disclosure] ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd)
I don't know if this covers what's already been said about DCOM worms...
[snip]
Impact: Any vulnerable desktop or server connected to the Internet may be vulnerable to attack. All Windows 2000, Windows XP and Windows NT 4.0 computers that have not been patched are vulnerable to attack from the automated worm, or manual attack. X-Force believes that hundreds of thousands of computers may still be vulnerable. Unsuccessful propagation attempts may crash vulnerable computers, or
render them unstable. Successful worm outbreaks have been known to cause significant localized network latency, and widespread denial of service.
[snip] This is not accurate. For one, Windows 2000 is the only platform the worm is spreading to, and for two, Windows Server 2003 is also impacted. As it is no longer a trial OS, I would have expected to see it in ISS' listing as well. Minor, but worth noting, no less. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Darren Reed (Aug 11)
- Re: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Matthew Murphy (Aug 11)
- RE: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Gerald Cody Bunch (Aug 11)
- Re: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Chris Garrett (Aug 11)
- RE: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) ViLLaN (Aug 12)
- Re: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) morning_wood (Aug 12)
- RE: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Gerald Cody Bunch (Aug 11)
- Re: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Matthew Murphy (Aug 11)
- <Possible follow-ups>
- RE: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Gerald Cody Bunch (Aug 11)
- RE: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Richard Stevens (Aug 12)
- RE: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Mike (Aug 12)
- Re: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Chris Garrett (Aug 12)
- Re: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Andrew Simmons (Aug 12)
- Re: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) gregh (Aug 13)
- RE: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Richard Stevens (Aug 12)
- Re: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Lan Guy (Aug 12)
- Re: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Jonathan Rickman (Aug 12)
- RE: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Dennis Heaton (Aug 12)
- RE: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Gordon Ewasiuk (Aug 12)