Full Disclosure mailing list archives

RE: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd)

From: "Gerald Cody Bunch" <gbunch () gmx net>
Date: Mon, 11 Aug 2003 23:56:57 -0400

For the benefit of the list, and at the risk of being repetitive.

<snip>
For one, Windows 2000 is the only platform the worm is spreading to,
</snip>

That's not quite true.
https://tms.symantec.com/members/AnalystReports/030811-Alert-DCOMworm.pd
f

According to Symantec you have about an 80/20% (xp/2k) chance that
offset will be used. Though, you are right in pointing out that Server
2k3 is vulnerable as well.

 Thanks,

 Gerald Cody Bunch
 gbunch () gmx net


-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Matthew
Murphy
Sent: Monday, August 11, 2003 10:04 PM
To: Full Disclosure
Subject: Re: [Full-disclosure] ISS Security Brief: "MS Blast" MSRPC DCOM
Worm Propagation (fwd)

I don't know if this covers what's already been said about DCOM
worms...

[snip]

Impact:

Any vulnerable desktop or server connected to the Internet may be
vulnerable to attack. All Windows 2000, Windows XP and Windows NT 
4.0 computers that have not been patched are vulnerable to attack 
from the automated worm, or manual attack. X-Force believes that 
hundreds of thousands of computers may still be vulnerable. 
Unsuccessful propagation attempts may crash vulnerable computers, or

render them unstable. Successful worm outbreaks have been known to 
cause significant localized network latency, and widespread denial 
of service.

[snip]

This is not accurate.  For one, Windows 2000 is the only platform the
worm is spreading to, and for two, Windows Server 2003 is also impacted.
As it is no longer a trial OS, I would have expected to see it in ISS'
listing as well.  Minor, but worth noting, no less.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Darren Reed (Aug 11)
- Re: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Matthew Murphy (Aug 11)
  - RE: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Gerald Cody Bunch (Aug 11)
    - Re: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Chris Garrett (Aug 11)
    - RE: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) ViLLaN (Aug 12)
    - Re: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) morning_wood (Aug 12)
- <Possible follow-ups>
- RE: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Gerald Cody Bunch (Aug 11)
- RE: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Richard Stevens (Aug 12)
  - RE: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Mike (Aug 12)
  - Re: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Chris Garrett (Aug 12)
    - Re: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Andrew Simmons (Aug 12)
  - Re: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) gregh (Aug 13)
- RE: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Richard Stevens (Aug 12)
  - Re: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Lan Guy (Aug 12)
  - Re: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Jonathan Rickman (Aug 12)
    - RE: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Dennis Heaton (Aug 12)
    - RE: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Gordon Ewasiuk (Aug 12)

(Thread continues...)