Date: Wed, 10 Sep 2003 14:10:29 -0400
From: "Richard M. Smith" <rms@...puterbytesman.com>
To: "BUGTRAQ@...URITYFOCUS. COM" <BUGTRAQ@...URITYFOCUS.COM>
Subject: Why does a home computer user need DCOM?


Hello,

Yet another buffer overflow error has been found in DCOM and Microsoft
has released a new patch for it today according to a security bulletin
on their Web site.  If I am running a Windows PC at home, why would I
want DCOM turned on in the first place?  What purpose does it serve?
Has Microsoft needlessly caused security problems for XP home users by
shipping XP with an unneeded service turned on by default?

Microsoft does provide a knowledge base article for turning off DCOM
here:

http://support.microsoft.com/default.aspx?scid=kb;en-us;825750

However this article uses technobabble to explain what might not work
with DCOM disabled.  I need the downsides of turning off DCOM to be
explained in English.  For example, if I disable DCOM can I still access
a network printer or file server?

Thanks,
Richard M. Smith
http://www.ComputerBytesMan.com

===========================================

http://www.microsoft.com/technet/security/bulletin/MS03-039.asp

What causes these vulnerabilities?

The vulnerabilities result because the Windows RPCSS service does not
properly check message inputs under certain circumstances. After
establishing a connection, an attacker could send a specially crafted
malformed RPC message to cause the underlying Distributed Component
Object Model (DCOM) activation infrastructure in the RPCSS Service on
the remote system to fail in such a way that arbitrary code could be
executed. 


