Full Disclosure mailing list archives

NTBUGTRAQ on DCOM


From: Paul Schmehl <pauls () utdallas edu>
Date: Sat, 02 Aug 2003 10:25:11 -0500

This was just posted on NTBUGTRAQ. Looks like SMS *is* affected if you shut off DCOM.

            ---Begin NTBUGTRAQ post---

So I have been running around recommending that everyone get DCOM disabled. My reasoning is that while the patch addresses the LSD vulnerability, it doesn't handle the XFocus DoS and who knows what else is left undiscovered. LSD's vulnerability was in there for 6 years unnoticed, despite the fact that numerous people have looked closely at the interface.

Unfortunately, like the problem we discovered with the MSDE issue, we have no list of things which break when DCOM is disabled. There are certainly some/many custom developed applications that use DCOM, at least you'd come away with that impression if you look at Microsoft's site or search Google. While they may be extremely important, I'm not really looking for that list.

What I'm looking for are things that are either built into the OS, an MS Server, or are very widely deployed. I'm only interested in something which doesn't work after you've disabled DCOM according to;

http://support.microsoft.com/default.aspx?scid=kb;en-us;825750

I plan on putting this into a web page which I'll call;

http://www.ntbugtraq.com/dcomfaq.asp

What follows is what I've been able to gather so far;

1. Microsoft provides a wonderfully vague warning, in KB 825750;

Warning, if you disable DCOM, you may lose operating system functionality. After you disable support for DCOM, the following may result:

- Any COM objects that can be activated remotely may not function correctly.
- The local COM+ snap-in will not be able to connect to remote servers to enumerate their COM+ catalog.
- Certificate auto-enrollment may not function correctly.
- Windows Management Instrumentation (WMI) queries against remote servers may not function correctly.

There are potentially many built-in components and 3rd party applications that will be affected if you disable DCOM. Microsoft does not recommend that you disable DCOM in your environment until you have tested to discover what applications are affected. Disabling DCOM may not be workable in all environments.

2. Products that use DCOM;

- Microsoft Access Workflow Designer
- FrontPage with Visual Source Safe on IIS
- BizTalk Server schedule client
- Excel uses DCOM if it includes an RTD statement
- SMS uses DCOM to get the hardware inventory off a client
- Win95 needs Client for Microsoft Networks or DCOM to work with MS SNA Server

3. Luckily, Microsoft has provided special keywords for COM and DCOM in their Knowledgebase to make it easier to search for such articles, http://support.microsoft.com/default.aspx?scid=kb;en-us;249726 There are 40 different keywords! They think that makes it easier??

Cheers,
Russ - NTBugtraq Editor

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

