Here We Go Again

Yup. Loaded 039 this AM on some development servers, the DCs and a couple of servers that haven't been put to running anything significant just to see how it goes. So far, so good.

Can't reboot production servers during production unless there is an emergency so I know where/what I'll be doing Saturday.

 

I added the update yesterday.

Then I ran Spybot and there appeared MANY redirects back to MS.

Kerio came up asking for permission to reconnet to MS. So in this situation I did allow it.

Is this normal ?

Something to do with the patch itslef ?

Or were they possibley there before I added the Update. ?

BillyBob

 

Interesting BB. Don't know but I think I'll test it myself from home.

 

Host "Leo Laporte" on Tech TV today was VERY adamant that port 135 is still vulnerable. Current patch 824146 does not cure the problems in RPCSS Service. He feels the update alone will lead many in a false sense of security. He encouraged users with no router / firewall installed, turn on XP's firewall. He also suggested downloading DCOMbobulator, a tiny program allowing a user to toggle Windows DCOM services on/off... this being the vulnerable service. I normally would not post the usual hype of TV. Today Leo was very sincere in KNOWING (would not disclose on air) there were problems not resolved with this current patch. My suspicions are his information is coming from Steve Gibson.

 

DCOMbobulator 2.0 is out today
rather (September 11th, 2003)
Lonny

 

MS03-039 addresses all known issues with RPC on both 2000 and 2003.

Steve Gibson has issues with sensationalism, to say the least.

If you disable DCOM, there may be some functionality in Windows and 3rd party software that you inhibit.

 

How about a FW ?

With all that discussion about the symptoms You seem to forget to grab the problem by the roots.

When I know that there is the Flu going round in town I don't supply myself with Cleanex, I get myself vaccinated.

Whoever still connects to the internet without a portfilter aka firewall installed almost deserves the most terrible malware ;-)

No PC with well configured firewall was hit by Lovsan/Blaster.

The latest threads made clear that a plain AV is not enough anymore. The new generation of worms penetrates Your PCs without You doing anything (as Lovsan did).

Get a Firewall, close all ports You don't need for internet traffic (and You DO NOT need RPC to communicate through the internet!), and You'll be save.

BTW: That does not mean that keeping Your PC propperly patched isn't a good idea!

 

Well said.