ISS maintains a separate mailing list for customers that provides information regarding product announcements and updates. While in the past an occasional product announcement may have been sent to this mail list, we have streamlined our communication mechanisms to ensure that each mail list is used only for its intended purpose in accordance with customer requests. All product announcements are available via the ISS Connections mailing list. Customers may sign up for this mailing list at: http://xforce.iss.net/xforce/maillists/. We apologize for any inconvenience this may have caused.
Best regards,
Lisa Washburn

-----Original Message-----
From: Vijver, D (Dirk) [mailto:[EMAIL PROTECTED]
Sent: Monday, August 04, 2003 6:47 AM
To: [EMAIL PROTECTED]
Subject: RE: [ISSForum] Network protection case study: Microsoft RPC DCOM vulnerability

Dear Sirs/Madams,

The "quality of service", as described below, seems excellent to me. Thanks. The ISS-tool for checking systems regarding this issue is also much appreciated.

However, as far as I know and can check, this Forum has not been informed of Internet Scanner XPU updates (in my case still for Internet Scanner 6.2.1) since June 6, 2003 (including recent ones to check systems for this vulnerability). So either there's something wrong with my internal mail system (in which case I apologize for bothering the forum) or ISS forgot to inform the ISS-Forum of recent updates. I wonder what the experience of other forum members is.

Yours Truly,
Dirk Vijver

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 23, 2003 23:48
To: [EMAIL PROTECTED]
Subject: [ISSForum] Network protection case study: Microsoft RPC DCOM vulnerability

ISS X-Force has had great success over the years at channeling internal vulnerability research directly into the ISS protection platform. A core objective of the X-Force R&D organization is to research vulnerabilities, work with vendors to develop fixes, and update our protection technologies. Since we have invested so heavily in vulnerability research, we are not as dependent on the public domain to gather specific vulnerability and exploit information.

Vulnerability and Protection Timeline:

7/16/2003 - Microsoft Security Bulletin MS03-026 published
7/17/2003 - Protection made available to ISS tech support (<24 hours)
7/18/2003 - XPU packages available (~36 hours later)

In this timeframe, X-Force was able to pinpoint the vulnerability, develop a functional exploit tool, investigate potential evasion techniques, and update our protection platform. No exploit tools or exploit information have been published as of 4:00pm ET on 7/23/2003. Additionally, no other major network protection vendors have published updates to detect RPC DCOM attacks.

Vendor              Protection
------              ----------
Symantec            No
Network Associates  No
Cisco               No
Netscreen           No
Snort               No
ISS                 Yes (7/17/2003)

Most network protection vendors develop their protection based only upon publicly available exploit tools. If hackers choose not to publish their tools, then no protection is available. Relying on hacker goodwill to develop protection technology is a dangerous strategy.

For more information about the RPC DCOM vulnerability, please refer to the X-Force Alert and Microsoft Security Bulletin MS03-026:

http://xforce.iss.net/xforce/alerts/id/147
http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

Regards,

===============================
Daniel Ingevaldson
Engineering Manager, X-Force R&D
[EMAIL PROTECTED]
404-236-3160

Internet Security Systems, Inc.
The Power to Protect
http://www.iss.net
===============================

_______________________________________________
ISSForum mailing list
[EMAIL PROTECTED]
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo

================================================
The information contained in this message may be confidential and is intended to be exclusively for the addressee. Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail.
