Worm hole in Windows 2000

[Maestr0]

"They are implying that they have found a serious flaw in the underlying protocol stack that allows remote code execution. Since they say that this can't be turned off one has to wonder what component it could possibly be since I can disable the network card. "

Another RPCss.exe overflow. Blaster v2


-Maestr0

[Tiger Shark]

Another RPCss.exe overflow. Blaster v2

... and who, in their right mind, leaves RPC open to the internet???????

If this is the case it's just what I thought it would be.... A non-entity....

[mohaughn]

Originally posted here by Tiger Shark
... and who, in their right mind, leaves RPC open to the internet???????

If this is the case it's just what I thought it would be.... A non-entity....

If you think a worm can only make its way into your network through your firewall/internet connection that you are sadly mistaken. Nobody should have RPC open, but every worm that I've ever experienced at my current company came in over VPN or a laptop being carried into the office and connected to the internal network. A worm using another exploit similiar to the RPCss.exe issues, not saying that is the case now, would be just as bad as blaster and the other worms that have hit MS products.

[Tiger Shark]

If you think a worm can only make its way into your network through your firewall/internet connection that you are sadly mistaken

I'm not sadly mistaken....

Like you my only worm came via a laptop.... Such a stink was caused by me, including threatening an entire agency with being cut off from the other agencies and therefore the net, that the policy is now being adhered to..... So far....

I'm still taking the pinch of salt till I have some real information on this.....

[EDIT]

It seems like ISC is taking the same approach as me:-

Received from ISC after a query I sent this morning:-

I haven't seen or heard of anyone that can shed light on this yet. We're all waiting to see if its FUD or not.

Robert
ISC Handler on Duty

[/EDIT]

[Timmy77]

Could this have something to do with next week's MS patch release?

According to MS, we're talking 6 windows patches, max severity of critical.

No more details, but could be related.

[kr5kernel]

Microsoft reported that this worm hole could also be used to travel time. Goooooo Microsoft!

Sorry, couldt resist....feel free to delete.

[Maestr0]

for anyone else who is curious, word on tha street is its NOT an IP attack or rpcss.exe.

-Maestr0

[Egaladeist]

Hi Maestr0,

I've been checking the news and still no word from Microsoft...therefore I assume they are waiting either for a patch to be developed first...or...it will become part of the re-issue of the 2000 roll-up.

As a Windows 2000 user I was hoping they would provide at least a plan of action or an update as to where they are in resolving this issue.

Eg

[mark_boyle2002]

My god. And you guys call your self security experts.

Let me explain how this works.

Eeye find a flaw and report it to microsoft.
Microsoft do nothing.
eeye release their own fix and vuln protection for this flaw
someone reverse engineers the eeye fix to discover the flaw
they release a worm, virus or exploit for this flaw
microsoft release a critical patch. (usually to late)

History repeats its self in this fashion.

[white_pawn]

Microsoft do nothing.
eeye release their own fix and vuln protection for this flaw
someone reverse engineers the eeye fix to discover the flaw
they release a worm, virus or exploit for this flaw
microsoft release a critical patch. (usually to late)

Wow!

http://sfgate.com/cgi-bin/article.cg...f123616D07.DTL

"We seem to have a botwar on our hands," Hypponen said. "There appears to be three different virus-writing gangs turning out new worms at an alarming rate — as if they would be competing who would build the biggest network of infected machines."

Ya rite! The guys at Eeye asked you to patch it up and you missed it,now you call it a group of virus writer are up to it.