Re: Exploit for Windows RPC may be in the wild!

From: morning_wood (se_cur_ityat_private)
Date: Sun Jul 27 2003 - 13:16:54 PDT

    it is in the wild and very, very effective; in random testing I'm finding 80%
    of all XP/2k boxes affected...
    
    Donnie Werner
    http://exploitlabs.com
    
    ----- Original Message ----- 
    From: "Compton, Rich" <RComptonat_private>
    To: <incidentsat_private>
    Sent: Friday, July 25, 2003 12:45 PM
    Subject: Exploit for Windows RPC may be in the wild!
    
    
    > FYI,
    > ISPs are reporting a dramatic increase in traffic on TCP port 135.  No
    > exploit code has been captured as of yet but the increase in traffic on this
    > port probably indicates that exploit code is being executed!  Block ports
    > 135 through 139 and 445!
    >
    > More info:
    >
    > http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp
    >
    > -Rich Compton
    



    This archive was generated by hypermail 2b30 : Mon Jul 28 2003 - 09:56:25 PDT