Message-ID: <279680000.1059837911@localhost>
From: pauls at utdallas.edu (Paul Schmehl)
Subject: NTBUGTRAQ on DCOM
This was just posted on NTBUGTRAQ. Looks like SMS *is* affected if you
shut off DCOM.
---Begin NTBUGTRAQ post---
So I have been running around recommending that everyone get DCOM disabled.
My reasoning is that while the patch addresses the LSD vulnerability, it
doesn't handle the XFocus DoS and who knows what else is left undiscovered.
LSD's vulnerability was in there for 6 years unnoticed, despite the fact
that numerous people have looked closely at the interface.
Unfortunately, like the problem we discovered with the MSDE issue, we have
no list of things which break when DCOM is disabled. There are certainly
some/many custom developed applications that use DCOM, at least you'd come
away with that impression if you look at Microsoft's site or search Google.
While they may be extremely important, I'm not really looking for that list.
What I'm looking for are things that are either built into the OS, an MS
Server, or are very widely deployed. I'm only interested in something which
doesn't work after you've disabled DCOM according to;
http://support.microsoft.com/default.aspx?scid=kb;en-us;825750
I plan on putting this into a web page which I'll call;
http://www.ntbugtraq.com/dcomfaq.asp
What follows is what I've been able to gather so far;
1. Microsoft provides a wonderfully vague warning, in KB 825750;
Warning, if you disable DCOM, you may lose operating system
functionality. After you disable support for DCOM, the following may result:
- Any COM objects that can be activated remotely may not function correctly.
- The local COM+ snap-in will not be able to connect to remote servers to
enumerate their COM+ catalog.
- Certificate auto-enrollment may not function correctly.
- Windows Management Instrumentation (WMI) queries against remote servers
may not function correctly.
There are potentially many built-in components and 3rd party applications
that will be affected if you disable DCOM. Microsoft does not recommend
that you disable DCOM in your environment until you have tested to discover
what applications are affected. Disabling DCOM may not be workable in all
environments.
2. Products that use DCOM;
- Microsoft Access Workflow Designer
- FrontPage with Visual Source Safe on IIS
- BizTalk Server schedule client
- Excel uses DCOM if it includes an RTD statement
- SMS uses DCOM to get the hardware inventory off a client
- Win95 needs Client for Microsoft Networks or DCOM to work with MS SNA
Server
3. Luckily, Microsoft has provided special keywords for COM and DCOM in
their Knowledgebase to make it easier to search for such articles,
http://support.microsoft.com/default.aspx?scid=kb;en-us;249726 There are 40
different keywords! They think that makes it easier??
Cheers,
Russ - NTBugtraq Editor
Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu