Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: RE: Re: Bad news on RPC DCOM vulnerability

From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Mon, 13 Oct 2003 11:00:50 -0500
-----Original Message-----
From: webheadport80 () netscape net [mailto:webheadport80 () netscape net] 
Sent: Monday, October 13, 2003 9:30 AM
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] RE: Re: Bad news on RPC DCOM 
vulnerability

The reason I'd like confirmation is that my Microsoft corp 
contact told me that Microsoft, back in Redmond, said this 
exploit doesn't work on ms03-039...  I'd like to confirm/deny 
this claim.  Especially, since they haven't updated their sec 
bulletin on ms03-039 for this vulnerability.

Any feedback from folks who have successfully gotten this 
exploit to work on a PATCHED ms03-039 w2k box would be 
GREATLY APPRECIATED!!!


Microsoft has acknowledged that the DoS exists on a fully patched
Windows box (not publicly.)

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/  

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: