My security people are telling me I need to lock down some DCOM vulnerabilities on my Exchange servers and gave me some documentation that is pretty much Greek to me. I've attached a portion below. Can anyone give some suggestions as to what DCOM is and whether or not I want to make these modifications to my site?

TIA!

Ben Parrnelli
Network Administrator
Comm & Data Directorate
MAGTF Training Command
Twentynine Palms, CA 92278

-------------------

DCOM Launch Permission: DCOM launch permission incorrect M

Launch permissions on the DCOM object allow non-administrators to launch DCOM objects and execute code on the host.

False Positives: If a DCOM object implements internal security measures, then this issue is not a vulnerability. Some of the objects that implement internal security may be the ASP Transacted Script content object, Transaction Context extended object, Transaction context object, and the Web Application Manager object. These application names usually appear as hexadecimal instead of text.

Remedy: When the object uses DCOM's security, fortify the DCOM object's permissions so that it continues to function under tightened security:

1. Run the dcomcnfg program in the %SystemRoot%/System32 folder.
2. Double-click the DCOM object that generated this vulnerability.
3. Click Security.
4. Edit the launch permissions. Some applications may require loose launch permissions in order to function. Verify that the object in question still functions properly after making any changes.
5. Click OK twice.

DCOM RunAs: DCOM RunAs value altered M

The DCOM RunAs Value was found to be altered. DCOM calls are executed under the security context of the calling user by default. If the RunAs key has been altered, the DCOM calls can be executed under the user context of the currently logged in user, or as a third user. If this ability is not controlled very carefully, it could provide a network user with the ability to execute arbitrary code under another user context.

Remedy: Remove the RunAs value to restore the user context to that of the calling user. To remove the RunAs value:

CAUTION: Use Registry Editor at your own risk. Any change using Registry Editor may cause severe and irreparable damage and may require you to reinstall your operating system. Internet Security Systems cannot guarantee that problems caused by the use of Registry Editor can be solved.

1. Open Registry Editor. From the Windows NT Start menu, select Run, type regedt32, and click OK.
2. Go to the HKEY_LOCAL_MACHINE\Software\Classes\AppID key.
3. Locate the subkey that has had the RunAs value inserted.
4. Delete the RunAs value.
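
An added example, not part of the original post or the scanner documentation: a read-only PowerShell audit that lists every subkey under HKEY_LOCAL_MACHINE\Software\Classes\AppID carrying a RunAs value or an explicit launch ACL, so the two findings above can be reviewed before anything is changed. It assumes PowerShell 5 or later and that per-object launch permissions are stored in the LaunchPermission value of the AppID subkey.

```powershell
# Added example: read-only inventory of per-application DCOM settings.
# Nothing is modified; run from an elevated prompt so every subkey is readable.
$root = 'HKLM:\Software\Classes\AppID'

$report = foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
    $runAs  = $key.GetValue('RunAs')             # $null when the value is absent
    $launch = $key.GetValue('LaunchPermission')  # REG_BINARY security descriptor, or $null

    # Skip objects that carry neither of the two settings the scanner reports on.
    if ($null -eq $runAs -and $null -eq $launch) { continue }

    # Decode the binary launch ACL to SDDL so the trustees can be read.
    $sddl = $null
    if ($launch -is [byte[]]) {
        try {
            $sd   = [System.Security.AccessControl.RawSecurityDescriptor]::new($launch, 0)
            $sddl = $sd.GetSddlForm([System.Security.AccessControl.AccessControlSections]::Access)
        } catch {
            $sddl = '<unparseable descriptor>'
        }
    }

    [pscustomobject]@{
        AppID            = $key.PSChildName   # often a GUID, the "hexadecimal" names
        Name             = $key.GetValue('')  # default value holds the friendly name
        RunAs            = $runAs             # account the object runs as, if set
        LaunchPermission = $sddl              # $null means machine defaults apply
    }
}

# Objects with a RunAs value: these do not run as the calling user.
$report | Where-Object { $_.RunAs } |
    Sort-Object Name | Format-Table AppID, Name, RunAs -AutoSize

# Objects with an explicit launch ACL, for comparison with what dcomcnfg shows.
$report | Where-Object { $_.LaunchPermission } |
    Sort-Object Name | Format-List AppID, Name, LaunchPermission
```

Saving the output before and after a change gives a record to compare against if an application stops working once its permissions are tightened.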

