General discussion

Locked

Microsoft Security Bulletin MS03-026

By Joseph Moore ·
So, this patch for the RPC/DCOM vulnerability came out on July 17. I read the e-mail then, and thought, "Yeah, ought to patch that sometime."
Then this past weekend, the xfocus.org website published their working code to exploit.
And on their discussion forums, people are working together to make the best exploit for all Windows versions possible.
So, I guess I will roll out the patch now.

Has anyone else out there rolled out the patch? Any problems? Any concerns? Was it without incident?

Thanks.
Joe

This conversation is currently closed to new comments.

15 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Microsoft Security Bulletin MS03-026

by Joseph Moore In reply to Microsoft Security Bullet ...

must add points.... must.... add.... points.......

Collapse -

Microsoft Security Bulletin MS03-026

by TheChas In reply to Microsoft Security Bullet ...

Hi Joseph,

I only have 1 target system for the patch, and I have seen no problems on the XP box I installed it on.

My other systems are running W98 which does not have an update for this problem.
(I need to change out a number of hardware items before I can upgrade the W98 boxes to either W2K or XP.)

Chas

Collapse -

by Joseph Moore In reply to Microsoft Security Bullet ...

Thanks Chas.

Collapse -

Microsoft Security Bulletin MS03-026

by Joseph Moore In reply to Microsoft Security Bullet ...

Ok, I have been put on this fulltime until all 50 of my servers are patched. User workstations can wait until a worm is released onto the Internet.
So, I have (as of 5PM CST) patched 3 Win2K server, 1 Win2KPro (my workstation), and 1 XP Pro machine (my laptop). So far, no indication of any problems. No errors in the Event Logs. No performance hickups. So far, so good.
I will leave this open over the weekend, and close it Monday night, so feel free to post any results you have with the patch.

Ah, the joys of "patch management"!

Collapse -

Microsoft Security Bulletin MS03-026

by CG IT In reply to Microsoft Security Bullet ...

Buffer Overrun in RPC Interface Hotfix # 823980 / MS03-026...I have it on W2K Pro and XP Pro workstations...so far so good....no hickups installing or since installing it a week ago...it's also running on a Windows 2003 Server Small Business Server PDC [has Exchange 2003, ISA server SQL server and Outlook 2003 all on one box] and nothing out of the ordinary pops up in any of the monitoring tools [event viewer, health monitor..performance monitor..or in Exchange. Nothing out of reports from ISA server either]. Have no idea if W98 has problems with it as we don't use it anymore.

Collapse -

Microsoft Security Bulletin MS03-026

by CG IT In reply to Microsoft Security Bullet ...

that's 25 W2K Pro workstations and 4 XP Pro workstations [2 of which are mine] plus one Windows 2000 Server which is used as a External Web Server which isn't a part of the Domain LAN.

Collapse -

by Joseph Moore In reply to Microsoft Security Bullet ...

Thanks D.R.

Collapse -

Microsoft Security Bulletin MS03-026

by maxwell edison In reply to Microsoft Security Bullet ...

I was reading up on this issue this morning. The following was part of Microsoft's warning.

From Microsoft:

To exploit this vulnerability, the attacker must be able to send a specially crafted request to port 135, port 139, port 445, or any other specifically configured RPC port on the remote computer. For intranet environments these ports are typically accessible, but for Internet-connected computers, these ports are typically blocked by a firewall. If these ports are not blocked, or in an intranet environment, the attacker does not have to have any additional privileges.

Best practice recommendations include blocking all TCP/IP ports that are not actually being used. By default, most firewalls, including the Windows Internet Connection Firewall (ICF), block those ports. For this reason, most computers that are attached to the Internet should have RPC over TCP or UDP blocked. RPC over UDP or TCP is not intended to be used in hostile environments, such as the Internet. More robust protocols, such as RPC over HTTP, are provided for hostile environments.

Based on the preceding statements, it appears that I wouldn't be at risk. (ports blocked, firewall, etc.) However, since I've been playing around with various VPN configurations, I installed the patch on my servers (2 of them) anyway - just to be safe - and I haven't noticed any adverse effects up to now. I'll do the W2K workstations over the weekend.

Collapse -

by Joseph Moore In reply to Microsoft Security Bullet ...

Thanks Maxwell.

Collapse -

by Don Christner In reply to Microsoft Security Bullet ...

I've been running this update since July 24th without any problems (even MS gets something right once in a while .

Don

Back to Windows Forum
15 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums