Message-ID: <20030915102530.GB79322@mail.webmonster.de>
Date: Mon, 15 Sep 2003 12:25:08 +0200
From: "Karsten W. Rohrbach" <karsten@...rbach.de>
To: Bugtraq <bugtraq@...urityfocus.com>
Subject: Fwd: Microsoft announces new ways to bypass security controls

This went via NANOG and might be of interest to the RPC/DCOM security
folks.

Regards,
/k
--
> If we were meant to fly, we wouldn't keep losing our luggage.
webmonster.de -- InterNetWorkTogether -- built on the open source platform
http://www.webmonster.de/ - ftp://ftp.webmonster.de/ - http://www.rohrbach.de/
GnuPG: 0xDEC948A6 D/E BF11 83E8 84A1 F996 68B4 A113 B393 6BF4 DEC9 48A6
Please do not remove my address from To: and Cc: fields in mailing lists. 10x
Date: Sun, 14 Sep 2003 22:03:32 -0400 (EDT)
From: Sean Donelan <sean@...elan.com>
To: nanog@...it.edu
Subject: Microsoft announces new ways to bypass security controls
Message-ID: <Pine.GSO.4.44.0309142130320.978-100000@...fden.donelan.com>

For those not keeping up with Microsoft, because so many people have
started blocking Netbios, RPC, SMB, etc., Microsoft announced yet another
way to bypass security.

On August 1, Microsoft introduced Exchange 2003. With Outlook 2003 this
introduces a new implementation of Exchange's MAPI protocol over HTTP
allowing clients to natively connect to Exchange servers without using a
virtual private network (VPN).

Steve Conn, Microsoft's product manager, was quoted as saying, "Since we have got a
good implementation, we're going to keep supporting it." Microsoft will
evangelise the new protocol, and developers of other mail clients and
servers will be encouraged to implement it.

http://www.microsoft.com/office/ork/xp/beta/three/ch8/OutC07.htm

"Outlook 2003 now offers a better alternative to VPN connections -- RPC
over HTTP. With this feature, users can have security-enhanced access to
their Exchange Server accounts from the Internet when they are working
outside your organization's firewall. Users do not need any special
connections or hardware, such as smart cards and security tokens, and they
can still get to their Exchange accounts even if the Exchange server and
client computer behind the firewall are on different networks."

By the way, Microsoft's RPC-Over-HTTP uses one of the ports in another
Microsoft security advisory concerning RPC vulnerabilities, extending
the list of dangerous ports to include 593, RPC-over-HTTP. A suggested
workaround: use a virtual private network (VPN).

Of course, Microsoft isn't the only one with mail protocol security
weaknesses.

POP3 is probably responsible for more cleartext passwords being
transmitted over the Internet than any other network protocol.