19 November 2003

Microsoft's DCOM vulnerability Revisited Microsoft's DCOM vulnerability patches, MS03-026 and MS03-039 have been applied to the relevant machines in ISAW, around the time of their release. Furthermore the machines concerned are equipped with ZoneAlarm and NortonAntivirus , which are kept regularly updated. Windows Update is run periodically. The KB824146 scan tool , eEye's free RPC scanner tool as well as DCOMbobulator have been applied to locally and remotely test the machines concerned . Completely shutting down DCOM, and thus Port 135, results in the unavailability of TaskScheduler. "Any personal firewall or NAT router will isolate a system's open ports from external intrusion, so leaving port 135 open is not a problem if your system has additional intrusion protection in place. " (Steve Gibson, Gibson Research Corporation) 7:59:49 AM      comment ? []