Slashdot Mirror


User: gregarican

gregarican's activity in the archive.

Stories: 0
Comments: 745

Comments · 745

  1. Re:Use Windows NT 4.0? on Win32 Blaster Worm is on the Rise · · Score: 1
    Am I missing something about this RPC DCOM exploit? Here's the bulletin I applied my patches in response to below. I see plenty of availability for NT 4.0 Server. My Exchange/IIS/Proxy Server box is NT 4.0 and I patched it accordingly.

    So far so good, as this box is what I'm going through now!

    http://www.microsoft.com/technet/security/bulletin/ms03-026.asp

  2. Re:No patch for NT4 --- Thanks M$ ! on Win32 Blaster Worm is on the Rise · · Score: 1

    Maybe not this particular worm, but the RPC vulnerability still exists for other exploits. Regardless of NT 4.0, 2000, etc.

  3. Re:don't try patching untill the worm is removed on Win32 Blaster Worm is on the Rise · · Score: 1
    1) Reformat.

    2) Reinstall.

    3) Block the published RPC ports (listed in many posts in this area) from any firewall/routing hardware or Windows OS software.

    4) Download the patch from the Windows Update site when the site's not overloaded or down.

    5) Apply the patch.

    The one issue is that a fresh install will probably lead to lots of heavy downloads of all of the cumulative patches from the Windows Update site. Might be a good time for a cigarette break. Or an early Happy Hour :-)

    It's like Code Red in some ways. When folks got hit with it they would consistently get hit again when even trying to download the patch from Microsoft.

  4. Re:No patch for NT4 --- Thanks M$ ! on Win32 Blaster Worm is on the Rise · · Score: 1

    Did I miss something? See my post on another thread regarding the posted download --> http://slashdot.org/comments.pl?sid=74466&threshold=-1&commentsort=1&tid=201&mode=thread&pid=6675589#6675945.

  5. Re:I'm using Windows NT 4.0 you insensitive clod! on Win32 Blaster Worm is on the Rise · · Score: 1

    Where are you reading this from? The Q823980 fix has a listed download for NT 4.0. If you are talking about the RPC buffer overrun, see http://www.microsoft.com/technet/security/bulletin/MS03-026.asp for details.

  6. Re:Dummy Steps if that Program Doesn't Work on Win32 Blaster Worm is on the Rise · · Score: 1
    You forgot one:

    7. Obsess about what other files were modified, deleted or otherwise compromised.

    I would reformat, reinstall, and repatch. But that's just me.

  7. Re:Because We're Lazy and Don't all Obsess on Win32 Blaster Worm is on the Rise · · Score: 1

    You can subscribe to the Microsoft Security Bulletin mailing list. See http://www.microsoft.com/technet/security/notify.asp for details. You'll get notified as soon as the bulletins are posted. Click on the URLs in the bulletins and away you go.

  8. Is Home Security Vulnerable? on Win32 Blaster Worm is on the Rise · · Score: 1

    Wonder if Bill Gates' estate's security system has Linux boxes running the show? If not then he better be peeking at the camera monitors like the end of Scarface!

  9. Re:to all those saying we should have patched long on Win32 Blaster Worm is on the Rise · · Score: 1
    I subscribe to the Microsoft Security Bulletins and all subscribers got an e-mail from Microsoft urging them to patch their systems for this DCOM RPC exploit ASAP.

    I agree about the download sizes. I patch our corporate systems and in the past year I have about 22 installation packages for vulnerabilities rated at the Critical level. Configuring new workstations without an imaging application definitely takes a while!

    My thinking is that since the burden falls on Microsoft for providing tighter software they should ship out CD sets of patches on a monthly basis. Kind of like those TechNet CD subscriptions I recall having back when I thought my MCSE was the cat's ass!

  10. Masters of FUD on Win32 Blaster Worm is on the Rise · · Score: 0, Redundant

    It's ironic. SCO has to spend big dollars on high priced legal help to spread FUD. Microsoft simply has to hire cheap, fresh-out-of-college programmers to write lazy code that lacks input boundary checking :-)

  11. Re:Excitrons? Bah.... on Quantum Logic Gate Created Using Excitons · · Score: 0

    As a kid my goal was to grow up and be the DJ in the middle sitting in that cool space chair. Cranking up old AC/DC songs through ragged-out speakers. Back then that seemed so cool.

  12. Personal Favorite on Techs Discover End Users Aren't So Bright · · Score: 2, Insightful
    I recall doing independent consulting a while back and visiting a client who for some reason would experience data loss on a constant basis. Things would be corrupted to the point of having to totally rebuild all datafiles on the server.

    After going over things with them on the phone I decided to drop by and see for myself. Back then hard drives (even in RAID arrays) weren't awfully reliable compared to nowadays. So I prepared myself for the standard fare.

    When I got there I saw that the bookkeeper had placed their telephone right on top of the external drive array. It was one of those old rotary telephones that had a magnetic bell clapper. I supposed the magnet might have had something to do with their mysterious data loss.

    I immediately told them I had the answer to their problems, promptly walked over and moved the phone to down on the desk, and handed them a bill for a flat one hour fee plus windshield time (they were in B.F.E.). Never got a call from them for almost a year. I wish all of my fires were that easy to fight!

  13. Remember when? on SCO Calls IBM Countersuit "Unsubstantiated Allegations" · · Score: 2, Interesting
    The good old days. Micro$loth, SCO and Xenix.

    http://www.wikipedia.org/wiki/xenix

    Those two companies should team up again, since their absurd arrogance and disregard for true innovation make good bedfellows.

    Perhaps the moron coalition heading up SCO should view the original open source UNIX post --> http://groups.google.com/groups?selm=771%40mit-eddie.UUCP. And then proceed to jump out a window.

  14. Re:Right direction. on Apple Public Source License Now FSF Approved · · Score: 1
    Compare a Mac OS minor release update and you'll find a lot more enhancements than a major release update for Windoze.

    And most of the Windoze updates aren't updates as much as bug fixes due to all of the lazy coding that underlies Windoze products. Something as simple as checking for buffer overruns is inexcusable and it's been a problem from Windoze 95 through Windoze Server 2003!

    I don't see a lot of CERT security advisories on Mac software, and I don't hear a lot of Mac users in my company complaining about their OS persistently crashing due to misbehaving application software not playing well or crappy memory management.

  15. Right direction. on Apple Public Source License Now FSF Approved · · Score: 5, Insightful
    As much as some PC enthusiasts bash Apple, I like the direction they are heading. Anyone who goes into an Apple store and doesn't come away impressed with something is fooling themselves. They are sincerely trying to be innovative, inventive, and creative in engineering aesthetically-pleasing, user-friendly, and functional hardware and software. Micro$loth OTOH is simply repacking the same crap with new window dressing and new subscription schemes to keep revenue coming in.

    Personally I find most of Apple stuff a bit pricey but like where they are going. This FSF move is another step in the right direction.

    Hopefully some of these players can continue allying themselves to take down the many-headed hydra that is Micro$loth. Novell adopted some Java angles with Netware 5, and recently added Linux services to their support suite. Maybe Apple can be added to the picture to cover desktop OS, server OS, desktop hardware, desktop software, *NIX services, etc.

    I know Apple hasn't been a collaboration proponent in the past but the sum of all parts could be a force to be reckoned with.

  16. Re:Wow. on Contiki Ported To x86 · · Score: 0, Troll
    Actually I have been programming on computers since the Apple ][ and was one of the first folks to pioneer OTA programming for cellular phones. Let's see you review the ITI/ETIAA standard and explain it to me, pinhead.

    Nice to see that idiots who don't know crap about people who post aren't afraid to show their ignorance.

    I know it's cool to elevate legacy hardware so that they can do things thought impossible. It was just a joke that I posted tongue-in-cheek.

    Jackass...

  17. Wow. on Contiki Ported To x86 · · Score: -1, Flamebait
    Great. An OS that runs on crappy, outdated equipment and can't take more than 5 web hits at a time. Just what I was looking for.

    Now maybe tonight I can get my Mattel Football game to function as a PDA. Sure that I will be the talk around the water cooler at the shoe store tomorrow.

  18. Re:How to distribute patch to hundreds of machines on HomeSec Warns Again About Microsoft's Insecurity · · Score: 2, Informative
    Personally I still use logon scripting. There's a third-party addon called KixTart that allows more sophisticated scripting. Most of the time I take this route with desktop clients.

    If your desktop clients aren't Win2k and higher (therefore not vulnerable to the RPC hit) and don't have publicly exposed IP addresses (i.e. - inside an Internet firewall or proxy) then you are just talking about servers.

    In that case don't you have any remote control software (e.g. - VNC, SMS, PC Anywhere, etc.)? If so just put the patches on a common network share and remote into the boxes to install. If you aren't talking about more than 10-20 boxes it shouldn't take too long. If you are talking about more than that perhaps script out AT jobs to the boxes to execute KixTart scripts or something.

  19. Re:Port/Process utility for Windows? on HomeSec Warns Again About Microsoft's Insecurity · · Score: 4, Informative
    Search for a utility called FPort. It will map out all of the active PIDs with the TCP/UDP port and associated process. Some processes can hide themselves through rundll32.exe (Win9x) or svchost.exe (WinNT/2K/XP), however.

    But you can get an idea about what ports are sitting out there either listening or actively transferring.

  20. Micro$loth moving right along. on HomeSec Warns Again About Microsoft's Insecurity · · Score: 1
    The folks at the Last Stage of Delirium announced the RPC hole back at the end of 2002! Here's a link to the white paper --> http://www.lsd-pl.net/documents/winasm-1.0.1.pdf.

    My questions:

    1) Why does it take Micro$loth this long to respond to and to address a major flaw?

    2) Why do most of their security flaws involve unchecked buffers? This function should be a fundamental part of a programmer's toolbelt. It's not like they don't like adding more lines to already-bloated code.

    3) If it's true (as posted in another thread) about the RPC bugfix not fixing the problem what is the ETA of a re-release of the bugfix?