Security Basics mailing list archives

Re: DCOM Hotfix breaks our software

From: "Jay Woody" <jay_woody () tnb com>
Date: Tue, 19 Aug 2003 18:45:45 -0500

I think the guys from eEye posted and said that left you vulnerable
still.

JayW

"Christophor Rick" <crick () uwm edu> 08/19/03 12:48PM >>>

Alex,

 There was a workaround before the fix came out. On the Windows 2000
and XP
machines you can run dcomcnfg and under Component Services --> Computer
-->
My computer right click to properties. Under the default properties tab
you
can uncheck "Enable Distributed COM on this computeer" that should
close the
vulnerability for the time being. It basically refuses connection on
port
135 from what I understand. When you then run the 823980 scan utility
it
should show up as refused connection or unable to connect.

Chris

---
Christophor Rick
Lapham Hall Room 240
UW-Milwaukee
Sr. Network Services


----- Original Message ----- 
From: "alex.mole@realtimeworlds" <alex.mole () realtimeworlds com>
To: <security-basics () securityfocus com>
Sent: Tuesday, August 19, 2003 4:40 AM
Subject: DCOM Hotfix breaks our software

Hi

So, having diligently patched our PCs with hotfix 823980, it turns

out
that

it breaks a piece of software that is critical to our work. Removing

the

hotfix fixes this software. It seems that the two are

incompatible...


We're speaking to our software vendor to see if anything can be done

about

it, but:

1) Has anyone else had issues with this fix? I've not noticed any
mentioned...
2) What would you suggest we do in the interim [until our software

can be

   fixed]? We are behind a firewall, but there are several users who

bring

   laptops into the office and use them on the network.


Thanks,

Alex

________________________________________________________________________

This email has been scanned for all viruses by the MessageLabs Email
Security System. For more information on a proactive email security
service working around the clock, around the globe, visit
http://www.messagelabs.com

________________________________________________________________________

--------------------------------------------------------------------------
-

--------------------------------------------------------------------------
--


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.507 / Virus Database: 304 - Release Date: 8/4/2003


---------------------------------------------------------------------------
----------------------------------------------------------------------------




---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

DCOM Hotfix breaks our software alex.mole@realtimeworlds (Aug 19)
- Re: DCOM Hotfix breaks our software Dedric Ramsey - Ramsey Consulting Svc. (Aug 19)
- Re: DCOM Hotfix breaks our software Christophor Rick (Aug 19)
  - Re: DCOM Hotfix breaks our software alex mole (Aug 19)
- <Possible follow-ups>
- Re: DCOM Hotfix breaks our software alex mole (Aug 19)
  - Re: DCOM Hotfix breaks our software David Nichols (Aug 20)
- Re: DCOM Hotfix breaks our software Jay Woody (Aug 19)
- DCOM Hotfix breaks our software nee cee (Aug 19)
- RE: DCOM Hotfix breaks our software Alfred . Diggs (Aug 20)
- RE: DCOM Hotfix breaks our software nee cee (Aug 20)