RPC DCOM 2 Exploit source code in the wild - MS03-039 patch flawed? :: Internet Security Information : "***Currently available information indicates that the patch from Microsoft MS03-039 does not properly protect machines against this exploit!!!*** Although Proof of Concept source code has been circulating for some time now a fully functional exploit is now available. It appears there are also some issues with the MS03-039 patch released to mitigate this vulnerability. According to currently circulating information it has been confirmed that the following operating systems are still vulnerable to attack even if they ARE patched: - Microsoft Windows XP Professional - Microsoft Windows XP Home - Microsoft Windows 2000 Workstation Although it has not been verified at this time, other versions of Microsoft Windows are also suspected to be subject to this vulnerability. As with the prior RPC vulnerability (MS03-026), these attacks can occur o­n TCP ports 135, 139, 445 and 593; and UDP ports 135, 137, 138 and 445."

This page is powered by Blogger. Isn't yours?