Title: Message
True Roger, MS could stop using it.  However, in and of itself RPC isn't the bad guy, and MS would need to replace it with something else, which based on their track record would still have vulns and require a fair bit of patching.
 
G.
 
----- Original Message -----
Sent: Friday, September 12, 2003 5:30 AM
Subject: RE: [ActiveDir] New RPC DOS

You miss my point. The question was what Microsoft could do to fix all these RPC issues. The answer is to stop using it, which was going to take time.
 
 

--------------------------------------------------------------
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-----Original Message-----
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 11, 2003 11:18 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] New RPC DOS

But if you use applications like Outlook with Exchange 5.5 then you can't communicate.

 

-----Original Message-----
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 11, 2003 9:41 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] New RPC DOS

 

The solution is to do away with RPC entirely - but that's a major rewrite of things. On the other hand, I have plenty of Unix boxes running with RPC disabled and they run fine.

 

Let's remember RPC's major functionality can be replaced, but that's at the expense of more complex application design.

 

Roger

--------------------------------------------------------------
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-----Original Message-----
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 11, 2003 12:22 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] New RPC DOS

Todd,

 

>> Anyone have a clue as to how Microsoft plans to fix the RPC system to make it more secure?

 

Concentrate maybe one or two more people on looking at error checking on the input into the arrays/buffers in the RPC code?  ;op

 

I mean, really - a vuln lays around waiting for someone to find it for years, and in this short of a time 3 more vulns are found in roughly the same area, just different vectors?  I sure hope that there is a team poring over the code that makes up RPC.

 

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
 

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CIT)
Sent: Wednesday, September 10, 2003 2:15 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] New RPC DOS

Our Microsoft TAM notified us of this new issue.  I waited to give them time to publish it to the various news sites. 

 

At 9AM PST, PSS will be announcing a new critical security bulletin (MS03-039).   This bulletin will address an RPC denial-of-service vulnerability in Windows products.    Please take the time today to go to the www.microsoft.com/security site to obtain the patch and directions for implementation.    Just trying to help you stay one step ahead!

 

I think it is very important to get this update on all your DCs, even if they are behind a firewall, ASAP.  We managed to mitigate Blaster, but these RPC DOS are starting to get really nasty.

 

Anyone have a clue as to how Microsoft plans to fix the RPC system to make it more secure?

 

Thanks,

 

Todd Myrick
