Windows Users: Important! Read This!

Posted by: Chem

Windows Users: Important! Read This! - 08/02/03 05:33 PM

If you aren't aware of the latest Windows vulnerability detailed on July 16th: a bug in the RPC/DCOM service allows REMOTE ROOT ACCESS to your system. Exploits are already in the wild and I can pretty much guarantee it won't be long before a worm comes out that auto exploits this and causes a huge mess.

If you use Windows NT, 2000 or XP you are vulnerable. If you have a router or firewall, you likely cannot be exploited over the Internet but you should patch this all the same. The exploit can be delivered via port 135, 139 or 445 - these are all usually listening by default on Windows.

The current exploits are rather crude and usually result in RPC services crashing and the machine auto-rebooting - if you've seen a message informing you the system will auto-restart in 60 seconds or something similar, this is the exploit hitting your machine. If the attacker guessed your operating system correctly, they likely are already connected with full access to your system. You should install the patch ASAP and do an up to date virus scan and look for any suspicious programs running. It won't be long though before more sophisticated exploits take the form of worms that won't crash RPC services and attempt multiple times to gain access to your box.

You can get the patch from Microsoft here:
Windows NT 4.0 Server (or direct link )
Windows 2000 (or direct link )
Windows XP (or direct link )
of if you prefer, visit Windows Update and install all Critical Updates.

Microsoft TechNet Bulletin:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

To clarify: This bug can let an attacker run code on your system under the highest privileged account (SYSTEM) if your computer is connected directly to the Internet. Grab the patch now to avoid pain later.

Courtesy of: R1ch
Forwarded by: Chem
Posted by: Predator

Re: Windows Users: Important! Read This! - 08/02/03 06:00 PM

From what i've seen and know, this exploit is beeing used a lot for the moment in the wild. Exploits are getting better as for example there is an universal exploit around, normally you would need for every windows version/language pack another "small piece of code" but this one fixes it.
Posted by: Rapture

Re: Windows Users: Important! Read This! - 08/11/03 06:18 PM

on some of the boards I visit...it's MASS caos. Everybody is flippin out and stuff. It's f***ing hilarious.
Posted by: SilentRage

Re: Windows Users: Important! Read This! - 08/11/03 06:58 PM

microsoft and their exploits can kiss my router ass.
Posted by: UndeadBob

Re: Windows Users: Important! Read This! - 08/11/03 07:52 PM

i got hold of a exploit's code, it is simple and it works. it just shows just how vulnerable windows is. i tried it on a 2000 machine (one of mine!!) and it killed the rpc service but the machine never restarted. it just put me straight into the windows dir with full access. patch immediatly!
Posted by: Deviation187

Re: Windows Users: Important! Read This! - 08/12/03 03:00 PM