ISS X-Force has had great success over the years at channeling internal vulnerability research directly into the ISS protection platform. A core objective of the X-Force R&D organization is to research vulnerabilities, work with vendors to develop fixes, and update our protection technologies. Since we have invested so heavily in vulnerability research, we are not as dependent on the public domain to gather specific vulnerability and exploit information.
Vulnerability and Protection Timeline: 7/16/2003 - Microsoft Security Bulletin MS03-026 published 7/17/2003 - Protection made available to ISS tech support (<24 hours) 7/18/2003 - XPU packages available (~36 hours later) In this timeframe, X-Force was able to pinpoint the vulnerability, develop a functional exploit tool, investigate potential evasion techniques, and update our protection platform. No exploit tools or exploit information have been published as of 4:00pm ET on 7/23/2003. Additionally, no other major network protection vendors have published updates to detect RPC DCOM attacks. Vendor Protection ------ ---------- Symantec No Network Associates No Cisco No Netscreen No Snort No ISS Yes (7/17/2003) Most network protection vendors develop their protection based only upon publicly available exploit tools. If hackers choose not to publish their tools, then no protection is available. Relying on hacker goodwill to develop protection technology is a dangerous strategy. For more information about the RPC DCOM vulnerability, please refer to the X-Force Alert and Microsoft Security Bulletin MS03-026: http://xforce.iss.net/xforce/alerts/id/147 http://www.microsoft.com/technet/security/bulletin/MS03-026.asp Regards, =============================== Daniel Ingevaldson Engineering Manager, X-Force R&D [EMAIL PROTECTED] 404-236-3160 Internet Security Systems, Inc. The Power to Protect http://www.iss.net =============================== _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
