Re: RPC DCOM exploit

From: Barry Fitzgerald (bkfsecat_private)
Date: Mon Aug 04 2003 - 07:58:11 PDT

Next message: morning_wood: "Re: RPC DCOM exploit"

Previous message: att13543: "RE: WORM_MIMAIL.A Anyone have any info on what this does yet?"
In reply to: Peter Fry: "Re: RPC DCOM exploit"
Next in thread: morning_wood: "Re: RPC DCOM exploit"
Next in thread: Peter Fry: "Re: RPC DCOM exploit"
Reply: morning_wood: "Re: RPC DCOM exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hmm...

I haven't seen system log corruption, yet.  I'll have to keep my eye out 
for that.

I think that the Service Pack has a lot to do with this, or perhaps some 
other patch not directly related to MS03-026.

In my latest tests, I've gotten failed processes on Windows 2000 SP2 
boxen but Windows 2000 SP3/4 boxen have functioned properly after the 
attack - with the attack only working once until a reboot occurs. 

       -Barry

Peter Fry wrote:

>>Is anyone else on the list seeing that at least some of their target
>>systems are not rebooting after executing this code?
>>    
>>
>
>yeah, two of our machines didn't reboot, but they did get their system
>logs corrupted, so i'm thinking they did get affected to some extent. 
>Maybe if the machines are patched it does that much but does not reboot?
>
>
>
>
>  
>

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Next message: morning_wood: "Re: RPC DCOM exploit"
Previous message: att13543: "RE: WORM_MIMAIL.A Anyone have any info on what this does yet?"
In reply to: Peter Fry: "Re: RPC DCOM exploit"
Next in thread: morning_wood: "Re: RPC DCOM exploit"
Next in thread: Peter Fry: "Re: RPC DCOM exploit"
Reply: morning_wood: "Re: RPC DCOM exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Aug 04 2003 - 08:46:25 PDT