This isn't AD related but is core Windows... XFocus who recently published some concept code (perl and c) to crash RPC on any Windows 2000 machine running RPC and DCOM has now reconstructed and published concept code to exploit the RPC/DCOM hole found by LSD earlier this month. This hole is worse than the previous hole XFocus published info about because it allows for remote unauthenticated code execution on the machines. MS has a patch for this hole which you should require to have on all of your WinNT based (Windows NT, Windows 2000, Windows XP, Windows 2003) machines. The security bulliten is MS03-26 (http://www.microsoft.com/technet/security/bulletin/MS03-026.asp) aka hot fix KB823980. Everyone who has a Windows machine should apply this fix ASAP. Do not feel safe because you are behind a firewall. If a firewall was all we needed we never would have felt SQL Slammer. Patch your systems. To make this AD related a bit I would like to again request of Microsoft that they actually use the operatingsystemhotfix attribute and populate it with qfecheck output so a very large company can scan AD in minutes versus spending hours or days trying to connect to all machines. Oh yeah, that property probably should have been multivalued... Obviously this won't catch all of the machines, but a large number of them should be accounted for much more quickly. joe
List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
