General discussion

  • #2317054

    Microsoft Security Bulletin MS03-026

    Locked

    by joseph moore ·

    So, this patch for the RPC/DCOM vulnerability came out on July 17. I read the e-mail then, and thought, “Yeah, ought to patch that sometime.”
    Then this past weekend, the xfocus.org website published their working code to exploit.
    And on their discussion forums, people are working together to make the best exploit for all Windows versions possible.
    So, I guess I will roll out the patch now.

    Has anyone else out there rolled out the patch? Any problems? Any concerns? Was it without incident?

    Thanks.
    Joe

All Comments

    • #2740265

      Microsoft Security Bulletin MS03-026

      by joseph moore ·

      In reply to Microsoft Security Bulletin MS03-026

      must add points…. must…. add…. points…….

    • #2740244

      Microsoft Security Bulletin MS03-026

      by thechas ·

      In reply to Microsoft Security Bulletin MS03-026

      Hi Joseph,

      I only have 1 target system for the patch, and I have seen no problems on the XP box I installed it on.

      My other systems are running W98 which does not have an update for this problem.
      (I need to change out a number of hardware items before I can upgrade the W98 boxes to either W2K or XP.)

      Chas

    • #2740219

      Microsoft Security Bulletin MS03-026

      by joseph moore ·

      In reply to Microsoft Security Bulletin MS03-026

      Ok, I have been put on this full-time until all 50 of my servers are patched. User workstations can wait until a worm is released onto the Internet.
      So, I have (as of 5PM CST) patched 3 Win2K servers, 1 Win2KPro (my workstation), and 1 XP Pro machine (my laptop). So far, no indication of any problems. No errors in the Event Logs. No performance hiccups. So far, so good.
      I will leave this open over the weekend, and close it Monday night, so feel free to post any results you have with the patch.

      Ah, the joys of “patch management”!

    • #2740214

      Microsoft Security Bulletin MS03-026

      by cg it ·

      In reply to Microsoft Security Bulletin MS03-026

      Buffer Overrun in RPC Interface Hotfix # 823980 / MS03-026…I have it on W2K Pro and XP Pro workstations…so far so good….no hiccups installing or since installing it a week ago…it’s also running on a Windows 2003 Server Small Business Server PDC [has Exchange 2003, ISA server, SQL server and Outlook 2003 all on one box] and nothing out of the ordinary pops up in any of the monitoring tools [event viewer, health monitor..performance monitor..or in Exchange. Nothing out of reports from ISA server either]. Have no idea if W98 has problems with it as we don’t use it anymore.

      • #2740210

        Microsoft Security Bulletin MS03-026

        by cg it ·

        In reply to Microsoft Security Bulletin MS03-026

        That’s 25 W2K Pro workstations and 4 XP Pro workstations [2 of which are mine] plus one Windows 2000 Server which is used as an External Web Server which isn’t a part of the Domain LAN.

      • #2740747

        Reply To: Microsoft Security Bulletin MS03-026

        by joseph moore ·

        In reply to Microsoft Security Bulletin MS03-026

        Thanks D.R.

    • #2740213

      Microsoft Security Bulletin MS03-026

      by maxwell edison ·

      In reply to Microsoft Security Bulletin MS03-026

      I was reading up on this issue this morning. The following was part of Microsoft’s warning.

      From Microsoft:

      To exploit this vulnerability, the attacker must be able to send a specially crafted request to port 135, port 139, port 445, or any other specifically configured RPC port on the remote computer. For intranet environments these ports are typically accessible, but for Internet-connected computers, these ports are typically blocked by a firewall. If these ports are not blocked, or in an intranet environment, the attacker does not have to have any additional privileges.

      Best practice recommendations include blocking all TCP/IP ports that are not actually being used. By default, most firewalls, including the Windows Internet Connection Firewall (ICF), block those ports. For this reason, most computers that are attached to the Internet should have RPC over TCP or UDP blocked. RPC over UDP or TCP is not intended to be used in hostile environments, such as the Internet. More robust protocols, such as RPC over HTTP, are provided for hostile environments.

      Based on the preceding statements, it appears that I wouldn’t be at risk. (ports blocked, firewall, etc.) However, since I’ve been playing around with various VPN configurations, I installed the patch on my servers (2 of them) anyway – just to be safe – and I haven’t noticed any adverse effects up to now. I’ll do the W2K workstations over the weekend.

    • #2740953

      Reply To: Microsoft Security Bulletin MS03-026

      by don christner ·

      In reply to Microsoft Security Bulletin MS03-026

      I’ve been running this update since July 24th without any problems (even MS gets something right once in a while 😉).

      Don

    • #2740810

      Reply To: Microsoft Security Bulletin MS03-026

      by driv ·

      In reply to Microsoft Security Bulletin MS03-026

      So far no issues on Win2k server (3) / workstation (5) / or XP (2) workstation.
      Caused issue with Tivoli backup engine not responding on only 1 internal IIS web server that has too many weird apps to begin with running. Not 100% sure if problem was due to patch. Simply stopped remote backup service for now.

      Good luck.

    • #2740752

      Reply To: Microsoft Security Bulletin MS03-026

      by joseph moore ·

      In reply to Microsoft Security Bulletin MS03-026

      Well, I came into the office on Sunday and patched 33 machines. Most were Win2K Servers, with 2 NT4 domain controllers, a stand-alone NT4 server, 2 NT4 workstations, and a Win2K3 server.
      These machines run a variety of things, including Domino, SQL Server, Apache, IIS, etc.
      So far, not one problem or fault.
      Everything is running properly.
      So, I guess this patch is stable. I was worried since it was RPC, which controls so much stuff in Windows.

      Thanks to all.

    • #2740744

      Reply To: Microsoft Security Bulletin MS03-026

      by joseph moore ·

      In reply to Microsoft Security Bulletin MS03-026

      This question was closed by the author
