hi john at the time where i wrote the email (19:21) there was no information available from M$. thx for the link now.
> And they all look pretty gnarly. Just for fun, we just got word > from M$ today that the fixes from bulletin MS03-039, while they > prevent remove code execution for that particular RPCSS-DCOM > vulnerability (lovsan aka msblast.exe and lovsan.c, aka teekids.exe) > still leave windows boxes vulnerable to DOS attacks. The latest > publicized fix I see is still KB824146. i heard this also on the ISS and securityfocus page. there are also some exploits / proof-of-concepts in the wild. > In the meantime, it might be an idea for you > provider guys to keep router ACLs handy for the following ports: > > 135/TCP 139/TCP 445/TCP 593/TCP > 135/UDP 137/UDP 138/UDP 445/UDP yes, we're also filtering those ports now on our routers - but only for a short time, until we can be 'more or less' sure, that most of the customers have upgraded their systems. additionally I block 1433/1434 (UDP), because of possible new SQL slammers etc. i'm currently preparing a newsletter to our customers to inform them about those new microsoft bugs. why can microsoft not develop a software which has as few bugs as possible? i think they produce the bugs because they want to sell their new 'security concept' > Just to cheer you up, have a look at > http://www.cs.berkeley.edu/~nweaver/cdc.web/ on my next holiday trip i will read that 'big paper' :) > Game over, man. yeah, lets shut down the internet. could you pull the plug? :) -steven ---------------------------------------------- [EMAIL PROTECTED] Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/