Re: MS03-26
- From: "Jim Harrison" <jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 21 Jul 2003 14:13:50 -0700
..hmmmm.. seems you is right.
Still, it's nice to know that ISA blocks it even when publishing RPC...
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://www.microsoft.com/isaserver
http://isaserver.org/Jim_Harrison
http://isatools.org
Read the help, books and articles!
----- Original Message -----
From: "Deus, Attonbitus" <Thor@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, July 21, 2003 10:27
Subject: [isalist] MS03-26
http://www.ISAserver.org
At 09:21 AM 7/21/2003, you wrote:
Yo "ISA_Dewd" :)
Saw your comments on my article. Thanks for providing that info about
publishing RPC and ISA's protection of it.
I know now that it is indeed exploitable over TCP 135 *and* UDP 135-- I got
confirmation from LSD on that... Though we are all protected, I am still
very worried about this one... This is a class exploit, and if/when a
multi-vector worm is written, it will make slammer look like a fin packet.
t
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
