RE: Exploit for Windows RPC may be in the wild!

From: Eric Appelboom (ericat_private)
Date: Sun Jul 27 2003 - 11:42:19 PDT

  • Next message: morning_wood: "Re: Exploit for Windows RPC may be in the wild!" 

     
Yes exploits have been released (source code) and win32 compilied
binaries.
A worm is expected soon see full-disclosure tread.

Happy patching
Any1 with snort sig?

-----Original Message-----
From: Compton, Rich [mailto:RComptonat_private] 
Sent: 25 July 2003 09:46 PM
To: incidentsat_private

FYI, 
ISPs are reporting a dramatic increase in traffic on TCP port 135.  No
exploit code has been captured as of yet but the increase in traffic on
this
port probably indicates that exploit code is being executed!  Block
ports
135 through 139 and 445! 

More info: 
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulleti
n/MS
03-026.asp

-Rich Compton


------------------------------------------------------------------------
---
------------------------------------------------------------------------
----


---------------------------------------------------------------------------
----------------------------------------------------------------------------

    This archive was generated by hypermail 2b30 : Sun Jul 27 2003 - 12:39:56 PDT