KB824146 (MS03-039) and KB823980 (MS03-026) on Server 2003 SP1

Discussion in 'Windows Update' started by RSmith, May 4, 2005.

  1. RSmith

    RSmith Guest

    Thorough scanning of our Server 2003 Service Pack 1 box has resulted in the
    discovery of possible vulnerabilities related to the RPC DCOM systems within
    Windows. Two test were used to check for RPC DCOM vulnerabilities: The first
    test involved using ISS Internet Scanner with a policy to check for the
    WinRpcssDcomBo vulnerability. The second test involved the use of Microsoft's
    "KB824146scan" tool to check for missing patches KB824146 (MS03-039) and
    KB823980 (MS03-026). These test were performed against a pre-SP1 Server 2003
    box and resulted in negatives from both ISS (No vulnerabilities found) and
    KB824146Scan ("X.X.X.X: patched with both KB824146 (MS03-039) and KB823980
    (MS03-026)). The same test preformed against the same box with SP1 installed
    netted different results. ISS came back with the WinRpcssDcomBo vulnerability
    and KB824146Scan came back with "X.X.X.X: this host needs further
    investigation". No configuration changes outside of the Service Pack install
    were made to the Server 2003 box after installation (the firewall was left
    off, etc.).

    I've concluded that either:
    A) The Server 2003 SP1 box is know vulnerable to RPC DCOM exploits as
    covered in MS03-039, etc.
    B) The Server 2003 SP1 box is responding to RPC DCOM queries in a way that
    is making both ISS and KB824146Scan think it's vulnerable/missing patches.

    Any other thought's/suggestions/ideas/conclusions would be greatly
    appreciated. Of course I have lots of data (Windump, Netmon) that can be
    looked at. {8^)
     
    RSmith, May 4, 2005
    #1
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.