史萊姆論壇

返回   史萊姆論壇 > 專業主討論區 > 軟體應用問題討論區
忘記密碼?
註冊帳號 論壇說明 標記討論區已讀

歡迎您來到『史萊姆論壇』 ^___^

您目前正以訪客的身份瀏覽本論壇,訪客所擁有的權限將受到限制,您可以瀏覽本論壇大部份的版區與文章,但您將無法參與任何討論或是使用私人訊息與其他會員交流。若您希望擁有完整的使用權限,請註冊成為我們的一份子,註冊的程序十分簡單、快速,而且最重要的是--註冊是完全免費的!

請點擊這裡:『註冊成為我們的一份子!』

Google 提供的廣告


發文 回覆
 
主題工具 顯示模式
舊 2003-08-12, 01:47 AM   #1
a5460224
榮譽勳章

勳章總數
UID -
在線等級:
文章: n/a
精華:
預設 請各位一定要幫幫忙我的電腦一直自動重新關機....

我的電腦會跑出個訊息視窗顯示著"Generic Host Process for Win32 Services"
接著便會開始自動倒數60秒後就自動重新啟動
而我也試著將C槽格式化在重灌過後也還是會一直跑出這個訊息
不知道哪為大大可以幫幫我阿....
 
送花文章: 0, 收花文章: 0 篇, 收花: 0 次
回覆時引用此帖
舊 2003-08-12, 02:16 AM   #2 (permalink)
2dayisholiday
榮譽勳章

勳章總數
UID -
在線等級:
文章: n/a
精華:
預設

我剛剛才發生的..............問題跟你一模一樣
 
送花文章: 0, 收花文章: 0 篇, 收花: 0 次
回覆時引用此帖
舊 2003-08-12, 02:41 AM   #3 (permalink)
imatb
榮譽勳章

勳章總數
UID -
在線等級:
文章: n/a
精華:
預設

不知道我的情況是不是和各位大大一樣??
今天下午還好好的,晚上用就出問題了...
開機不到三分鐘就重新開機,也是會跑出訊息倒數60秒...
一直重開,根本無法使用!!
小弟在千均一髮時把訊息方塊弄下來,請各位大大幫我瞧瞧問題到底出在哪裡??
感激不盡...

http://home.pchome.com.tw/web/owltb/shit.jpg
 
送花文章: 0, 收花文章: 0 篇, 收花: 0 次
回覆時引用此帖
舊 2003-08-12, 02:50 AM   #4 (permalink)
註冊會員
榮譽勳章
UID - 21008
在線等級: 級別:10 | 在線時長:140小時 | 升級還需:25小時級別:10 | 在線時長:140小時 | 升級還需:25小時級別:10 | 在線時長:140小時 | 升級還需:25小時級別:10 | 在線時長:140小時 | 升級還需:25小時級別:10 | 在線時長:140小時 | 升級還需:25小時
註冊日期: 2003-01-02
VIP期限: 2008-08
文章: 20
精華: 0
現金: 5521 金幣
資產: 5521 金幣
預設

我的電腦剛剛也這樣.但是不知道是什麼原因
但是我是這麼解決的
控制台->系統管理工具->服務->找到 Remote Procedure Call (RPC) 按右鍵->內容->修復 裡面前3項都選(不執行動作)再重開
hjch 目前離線  
送花文章: 0, 收花文章: 0 篇, 收花: 0 次
回覆時引用此帖
舊 2003-08-12, 03:09 AM   #5 (permalink)
imatb
榮譽勳章

勳章總數
UID -
在線等級:
文章: n/a
精華:
預設

謝謝hjch大大~
暫時解決了一直重開機的問題...
只是不知道原因,心裡還是毛毛的~~
 
送花文章: 0, 收花文章: 0 篇, 收花: 0 次
回覆時引用此帖
舊 2003-08-12, 03:40 AM   #6 (permalink)
f123982592
榮譽勳章

勳章總數
UID -
在線等級:
文章: n/a
精華:
預設

小弟也是一樣有遇到相同ㄉ問題
不過跟 hjch 這位大大ㄉ方式解決ㄌ之後 發生ㄌ一ㄍ問題
問題就是 再整理檔案ㄉ時候 剪下 和 貼上 還有複製 ㄉ功能通通失效ㄌ
還有再瀏覽網頁ㄉ時候也會出現停止不動ㄉ問題 不知道有大大知道原因ㄇ
 
送花文章: 0, 收花文章: 0 篇, 收花: 0 次
回覆時引用此帖
舊 2003-08-12, 04:59 AM   #7 (permalink)
註冊會員
榮譽勳章

勳章總數
UID - 10106
在線等級: 級別:0 | 在線時長:0小時 | 升級還需:5小時
註冊日期: 2002-12-12
VIP期限: 2005-11
住址: 台灣省
文章: 90
精華: 0
現金: -2 金幣
資產: -2 金幣
預設

hjch 大大的方式並不可行

請參考此網址

http://microsoft.com/downloads/detai...2-3DE40F69C074

下載

WindowsXP-KB823980-x86-CHT.exe


http://download.microsoft.com/downl...980-x86-CHT.exe

TW-CA-2003-076-[ Microsoft Security Bulletin MS03-026: Buffer Overrun In RPC Interface Could Allow Code Execution (823980) ]

--------------------------------------------------------------------------------

TWCERT發布日期: 2003-07-29
原漏洞發布日期: 2003-07-21
分類: Gain Priviledge。

來源參考: Microsoft Security Bulletin MS03-026


--------------------------------------------------------------------------------
簡述
--------------------------------------------------------------------------------

誰應該閱讀此篇文件: 使用Microsoft® 作業系統的使用者
受影響的地方 : 執行攻擊者的程式碼
風險值 : 緊急
建議 : 系統管理者立即安裝修補程式。


有關此修正程式的相關資訊可以參考下列的網址:
http://www.microsoft.com/technet/se...in/MS03-026.asp



--------------------------------------------------------------------------------
說明
--------------------------------------------------------------------------------

Remote Procedure Call (RPC,遠端程序呼叫),是微軟的作業系統所使用的協定之一。
RPC提供程序間的溝通機制(inter-process communication mechanism),這項機制允許
一個在本地端電腦上執行的程式,能夠無異於在本地端執行程式般地在遠端電腦上執行
程式。微軟RPC這項協定本身是源自於開放性軟體基金會(OSF, Open Software Foundation)
的RPC協定,但是再多增加一些微軟特有的功能擴充。

目前,RPC在處理利用TCP/IP通訊協定交換訊息的部分存在一項弱點。這弱點是起因於未能
正確地處置格式錯誤之訊息(malformed messages)所引起的。而這項特有的弱點會影響到
RPC的DCOM(Distributed Component Object Model (DCOM),分散式元素物件模組)界面,該
界面會傾聽一些啟動RPC的通訊埠,用來處理客戶端機器送給伺服器端的DCOM物件之「啟動
(activation)」請求。若攻擊者可以成功地攻擊這項弱點,那麼就可以在受弱點影響的系統
上以Local System權限執行程式碼。之後,攻擊者就可以在系統上執行任何動作,包括安裝
程式,檢視、修改或刪除資料,或是建立新的完整權限的帳戶。

為了攻擊這項弱點,攻擊者需要送一個特殊格式的要求給遠端電腦上啟用RPC的特定通訊
埠。

弱點減緩因素:
- 為了攻擊這項弱點,攻擊者需要具備發送特殊製作的要求的能力給遠端已開啟135、139或
445埠號、或任何其他設定了RPC通訊埠的遠端電腦。在內部網路環境中,這些通訊埠可正常
存取,但是對連接上Internet的機器而言,最好可以透過防火牆來封鎖。在這些通訊埠沒有
被封鎖,或是內部網路的情形下,攻擊者就不需要任何額外的使用權限。

- 實務上最佳作法是建議封鎖所有TCP/IP實際上未使用的埠號,且大部分的防火牆,包含
Windows Internet Connection Firewall(ICF)也都預設封鎖了這些通訊埠。為此,大部份
連上網際網路的機器都將必須封鎖利用TCP或UDP的RPC通訊埠。透過UDP或TCP的RPC並不是設
計來使用在不友善的環境裡的,例如Internet。使用者可以改用更為強健的通訊協定,像是
透過HTTP的RPC功能就是提供來使用在不友善的網路環境底的。

使用者若想學習更多有關於客戶端/伺服器端RPC安全議題,請參考以下網址:
http://msdn.microsoft.com/library/d...rl=/library/en-
us/rpc/rpc/writing_a_secure_rpc_client_or_server.asp

使用者想要了解更多有關於RPC所使用的通訊埠號,請至以下網址參考:
http://www.microsoft.com/technet/pr...it/tcpip/part4/
tcpappc.asp

風險值:
Windows NT 4.0 Critical
Windows NT 4.0 Terminal Server Edition Critical
Windows 2000 Critical
Windows XP Critical
Windows Server 2003 Critical
以上評估(http://www.microsoft.com/technet/se...pics/rating.asp)的根據包
括:受弱點影響的系統類型、系統的一般部署模式,以及利用弱點對系統所造成的影響
後果。

弱點識別號: CAN-2003-0352
http://www.cve.mitre.org/cgi-bin/cv...e=CAN-2003-0352)

測試的平台:
微軟在 Windows Me, Windows NT 4.0, Windows NT 4.0 Terminal Services Edition,
Windows 2000, Windows XP and Windows Server 2003環境下做弱點評估測試;早先發行的
版本(http://support.microsoft.com/directory/discontinue.asp)已不再支援,因此不確
定是否受到這漏洞的影響。



--------------------------------------------------------------------------------
影響平台
--------------------------------------------------------------------------------

Microsoft Windows NT® 4.0
Microsoft Windows NT 4.0 Terminal Services Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server™ 2003

不受影響系統:
Microsoft Windows Millennium Edition



--------------------------------------------------------------------------------
修正方式
--------------------------------------------------------------------------------

此修補檔下載位置:
- Windows NT 4.0 Server
http://microsoft.com/downloads/deta...217E-4FA7-BDBF-
DF77A0B9303F&displaylang=en

- Windows NT 4.0, Terminal Server Edition
http://microsoft.com/downloads/deta...64FA-424C-A3C1-
C9FAD2DC65CA&displaylang=en

- Windows 2000 Server
http://microsoft.com/downloads/deta...F541-4C15-8C9F-
220354449117&displaylang=en

- Windows XP 32 bit Edition
http://microsoft.com/downloads/deta...C5B6-44AC-9532-
3DE40F69C074&displaylang=en

- Windows XP 64 bit Edition
http://microsoft.com/downloads/deta...4A85-488F-80E3-
C347ADCC4DF1&displaylang=en

- Windows Server 2003 32 bit Edition
http://microsoft.com/downloads/deta...9F4C-4061-9009-
3A212458E92E&displaylang=en

- Windows Server 2003 64 bit Edition
http://microsoft.com/downloads/deta...C3F0-4EC1-995F-
017E35692BC7&displaylang=en

關於修補程式的其他資訊:
安裝平台:
- Windows NT Server 4.0的修補檔可以安裝到執行Windows NT Server 4.0 Service
Pack 6a(http://www.microsoft.com/NTServer/n...ecommended/SP6/
allsp6.asp)的系統上。

- Windows NT Server, Terminal Server Edition的修補檔可以安裝到執行Windows NT
Server, Terminal Server Edition Service Pack 6(http://www.microsoft.com/
NTServer/ProductInfo/News/Terminal/TseSP6.asp)的系統上。

- Windows 2000的修補檔可以安裝至執行windows2000 Service Pack 3
(http://www.microsoft.com/windows200...sp3/default.asp)或
Service Pack 4(http://www.microsoft.com/windows200...s/servicepacks/
sp4/default.asp)的系統上。

- Windows XP的修補檔可以安裝至執行windows XP GOLD或Service Pack1
(http://www.microsoft.com/TechNet/Se...ews/WXPSP1s.asp)的系統上。

- Windows 2003的修補檔可以安裝至執行windows 2003 SERVER GOLD的系統上。

包含於未來的service packs:
這些修補檔未來將收錄在Windows 2000 Service Pack 5, Windows XP Service Pack 2,
和Windows Server 2003 Service Pack 1。

安裝完畢後是否需要重新開機:需要。

修補檔可否反安裝:可以。

取代過去的修補檔:無。

驗証修補檔安裝:
- WINDOWS NT 4.0
為了驗証該項修補檔已安裝至電腦上,請確認知識庫中第823980號文件中檔案清單列表中所
有檔案是否有安裝在電腦中。

- WINDOWS NT 4.0 Terminal Server Edition
為了驗証該項修補檔已安裝至電腦上,請確認知識庫中第823980號文件中檔案清單列表中所
有檔案是否有安裝在電腦中。

- WINDOWS2000
為了驗証修補檔己經安裝在電腦上,請確認電腦上是否已建立下列登錄碼
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB823980。

若要確認各別的檔案已安裝至系統上,使用者可在目前的系統上找到知識庫文件第82980號
文件中去查閱列舉出來的檔案與它們的日期/時間戳記。

- Windows XP
-- Windows XP Gold
為了驗証修補檔己經安裝在電腦上,請確認電腦上是否已建立下列登錄碼
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP1\KB823980。

若要確認各別的檔案已安裝至系統上,使用者可在目前的系統上找到知識庫文件第823980號
文件中去查閱列舉出來的檔案與它們的日期/ 時間戳記。

-- Windows XP Service Pack 1
為了驗証修補檔己經安裝在電腦上,請確認電腦上是否已建立下列登錄碼
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP2\KB823980。

若要確認各別的檔案已安裝至系統上,使用者可在目前的系統上找到知識庫文件第823980號
文件中去查閱列舉出來的檔案與它們的日期/ 時間戳記。

- WINDOWS2003
為了驗証修補檔己經安裝在電腦上,請確認電腦上是否已建立下列登錄碼
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Window Server 2003\SP1\KB823980。

若要確認各別的檔案已安裝至系統上,使用者可在目前的系統上找到知識庫文件第82980號
文件中去查閱列舉出來的檔案與它們的日期/時間戳記。

可由下列方式取得其他修正程式:
- 可經由微軟程式下載中心(Microsoft Download Center)中取得,可使用
 "security_patch" 字串尋找。
- 微軟的使用者可經由 WindowsUpdate 的網站取得
 http://windowsupdate.microsoft.com/。



--------------------------------------------------------------------------------
影響結果
--------------------------------------------------------------------------------

執行攻擊者的程式碼


--------------------------------------------------------------------------------
連絡 TWCERT/CC
--------------------------------------------------------------------------------

Tel: 886-7-5250211 FAX: 886-7-5250212
886-2-23563303 886-2-23924082
Email: twcert@cert.org.tw
URL: http://www.cert.org.tw/
PGP key: http://www.cert.org.tw/eng/pgp.htm


--------------------------------------------------------------------------------

附件: [Buffer Overrun In RPC Interface Could Allow Code Execution (823980)]

--------------------------------------------------------------------------------
原文
--------------------------------------------------------------------------------

Microsoft Security Bulletin MS03-026


Buffer Overrun In RPC Interface Could Allow Code Execution (823980)
Originally posted: July 16, 2003

Revised: July 18, 2003

Summary
Who should read this bulletin: Users running Microsoft ® Windows ®

Impact of vulnerability: Run code of attacker’s choice

Maximum Severity Rating: Critical

Recommendation: Systems administrators should apply the patch immediately

End User Bulletin: An end user version of this bulletin is available at:

http://www.microsoft.com/security/s...s/ms03-026.asp.

Affected Software:

Microsoft Windows NT® 4.0
Microsoft Windows NT 4.0 Terminal Services Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server™ 2003
Not Affected Software:

Microsoft Windows Millennium Edition

Technical details
Technical description:


Microsoft originally released this bulletin and patch on July 16, 2003 to
correct a security vulnerability in a Windows Distributed Component Object
Model (DCOM) Remote Procedure Call (RPC) interface. The patch was and still is
effective in eliminating the security vulnerability. However, the “mitigating
factors” and “workarounds” discussions in the original security bulletin did
not clearly identify all of the ports by which the vulnerability could
potentially be exploited. We have updated this bulletin to more clearly
enumerate the ports over which RPC services can be invoked, and to ensure that
customers who have chosen to implement a workaround before installing the patch
have the information that they need to protect their systems. Customers who
have already installed the patch are protected from attempts to exploit this
vulnerability, and need take no further action.

Remote Procedure Call (RPC) is a protocol used by the Windows operating system.
RPC provides an inter-process communication mechanism that allows a program
running on one computer to seamlessly execute code on a remote system. The
protocol itself is derived from the Open Software Foundation (OSF) RPC
protocol, but with the addition of some Microsoft specific extensions.

There is a vulnerability in the part of RPC that deals with message exchange
over TCP/IP. The failure results because of incorrect handling of malformed
messages. This particular vulnerability affects a Distributed Component Object
Model (DCOM) interface with RPC, which listens on RPC enabled ports. This
interface handles DCOM object activation requests that are sent by client
machines to the server. An attacker who successfully exploited this
vulnerability would be able to run code with Local System privileges on an
affected system. The attacker would be able to take any action on the system,
including installing programs, viewing changing or deleting data, or creating
new accounts with full privileges.

To exploit this vulnerability, an attacker would need to send a specially
formed request to the remote computer on specific RPC ports.



Mitigating factors:

To exploit this vulnerability, the attacker would require the ability to send a
specially crafted request to port 135, 139, or 445 or any other specifically
configured RPC port on the remote machine. For intranet environments, these
ports would normally be accessible, but for Internet connected machines, these
would normally be blocked by a firewall. In the case where these ports are not
blocked, or in an intranet configuration, the attacker would not require any
additional privileges.
Best practices recommend blocking all TCP/IP ports that are not actually being
used, and most firewalls including the Windows Internet Connection Firewall
(ICF) block those ports by default. For this reason, most machines attached to
the Internet should have RPC over TCP or UDP blocked. RPC over UDP or TCP is
not intended to be used in hostile environments such as the Internet. More
robust protocols such as RPC over HTTP are provided for hostile environments.
To learn more about securing RPC for client and server please refer to
http://msdn.microsoft.com/library/d...rl=/library/en-
us/rpc/rpc/writing_a_secure_rpc_client_or_server.asp.

To learn more about the ports used by RPC, please refer to:
http://www.microsoft.com/technet/pr...it/tcpip/part4/
tcpappc.asp


Severity Rating: Windows NT 4.0 Critical
Windows NT 4.0 Terminal Server Edition Critical
Windows 2000 Critical
Windows XP Critical
Windows Server 2003 Critical
The above assessment is based on the types of systems affected by the
vulnerability, their typical deployment patterns, and the effect that
exploiting the vulnerability would have on them.

Vulnerability identifier: CAN-2003-0352

Tested Versions:
Microsoft tested Windows Me, Windows NT 4.0, Windows NT 4.0 Terminal Services
Edition, Windows 2000, Windows XP and Windows Server 2003, to assess whether
they are affected by this vulnerability. Previous versions are no longer
supported, and may or may not be affected by this vulnerability.


Frequently asked questions
Why have you revised this bulletin?

Subsequent to the release of this bulletin Microsoft has been made aware that
additional ports involving RPC can be used to exploit this vulnerability.
Information regarding these additional ports has been added to the mitigating
factors and the Workaround section of the bulletin.

If I have installed the patch provided with the original bulletin, am I still
protected?

Yes. There has been no update to the patch itself, and the patch will still
correct the vulnerability. This additional information is being provided to
those customers who may require a temporary workaround until they can apply the
patch.

What’s the scope of the vulnerability?

This is a buffer overrun vulnerability. An attacker who successfully exploited
this vulnerability could gain complete control over a remote computer. This
would give the attacker the ability to take any action on the server that they
want. For example, and attacker could change Web pages, reformat the hard disk,
or add new users to the local administrators group.

To carry out such an attack, an attacker would require the ability to send a
malformed message to the RPC service and thereby cause the target machine to
fail in such a way that arbitrary code could be executed.


What causes the vulnerability?

The vulnerability results because the Windows RPC service does not properly
check message inputs under certain circumstances. This particular failure
affects an underlying Distributed Component Object Model (DCOM) interface,
which listens on RPC enabled ports. By sending a malformed RPC message, an
attacker could cause the RPC service on a machine to fail in such a way that
arbitrary code could be executed. interface with RPC on the remote machine to
fail in such a way that arbitrary code could be executed.

What is DCOM?

The Distributed Component Object Model (DCOM) is a protocol that enables
software components to communicate directly over a network. Previously
called "Network OLE," DCOM is designed for use across multiple network
transports, including Internet protocols such as HTTP. More information about
DCOM can be found at the following website:

http://www.microsoft.com/com/tech/dcom.asp

What is RPC (Remote Procedure Call)?

Remote Procedure Call (RPC) is a protocol that a program can use to request a
service from a program located on another computer in a network. RPC helps with
interoperability because the program using RPC does not have to understand the
network protocols that are supporting communication. In RPC, the requesting
program is the client and the service-providing program is the server.

What's wrong with Microsoft’s implementation of Remote Procedure Call (RPC)?

There is a flaw in a part of RPC that deals with message exchange over TCP/IP.
A failure results because of incorrect handling of malformed messages. This
particular failure affects an underlying DCOM interface, which listens on
TCP/IP port 135, and can be reached via ports 139 and 445. By sending a
malformed RPC message, an attacker could cause the RPC service on a machine to
fail in such a way that arbitrary code could be executed.

Is this a flaw in the RPC Endpoint Mapper?

No - The flaw actually occurs in a low level DCOM interface within the RPC
process. The RPC endpoint mapper allows RPC clients to determine the port
number currently assigned to a particular RPC service. An endpoint is a
protocol port or named pipe on which the server application listens to for
client remote procedure calls. Client/server applications can use either well-
known or dynamic ports.

Security Bulletin MS03-010 also involved RPC yet you could not fix that
vulnerability on Windows NT 4.0. How were you able to fix this vulnerability on
Windows NT 4.0?

The flaw in this case lies in an underlying DCOM interface to RPC, and not the
overall RPC implementation or the RPC Endpoint Mapper itself. As a result, it
was possible to address this vulnerability in Windows NT 4.0 without needing to
rearchitect significant portions of the Windows NT 4.0 operating system, as
would have been required by a Windows NT 4.0 patch for security bulletin MS03-
010.

What could this vulnerability enable an attacker to do?

An attacker who successfully exploited this vulnerability would be able to run
code with Local System privileges on an affected system. The attacker would be
able to take any action on the system, including installing programs, viewing
changing or deleting data, or creating new accounts with full privileges.

How could an attacker exploit this vulnerability?

An attacker could seek to exploit this vulnerability by programming a machine
that could communicate with a vulnerable server over RPC to send a specific
kind of malformed RPC message. Receipt of such a message could cause the RPC
service on the vulnerable machine to fail in such a way that it could execute
arbitrary code.

Who could exploit the vulnerability?

Any user who could deliver a TCP request to an RPC interface to an affected
computer could attempt to exploit the vulnerability. Because RPC requests are
on by default in all versions of Windows, this in essence means that any user
who could establish a connection with an affected computer could attempt to
exploit the vulnerability.

It could also be possible to access the affected component through another
vector, such as one that would involve logging onto the system interactively or
by using another application similar that passed parameters to the vulnerable
component either locally or remotely.

What does the patch do?

The patch corrects the vulnerability by altering the DCOM interface to properly
check the information passed to it.




Workarounds


Are there any workarounds that can be used to block exploitation of this
vulnerability while I am testing or evaluating the patch?

Yes. Although Microsoft urges all customers to apply the patch at the earliest
possible opportunity, there are a number of workarounds that can be applied to
help prevent the vector used to exploit this vulnerability in the interim.

It should be noted that these workarounds should be considered temporary
measures as they just help block paths of attack rather than correcting the
underlying vulnerability.

The following sections are intended to provide you with information to help
protect your computer from attack. Each section describes the workarounds that
you may want to use depending on your computer’s configuration.

Each section describes the workarounds available depending on your required
level of functionality.


Block RPC interface ports at your firewall.
Port 135 is used to initiate an RPC connection with a remote computer. In
addition, there are other RPC interface ports that could be used by an attacker
to remotely exploit this vulnerability. Blocking the following ports at the
firewall will help prevent systems behind that firewall from being attacked by
attempts to exploit this vulnerability:

TCP/UDP Port 135
TCP/UDP Port 139
TCP/UDP Port 445

In addition, customers may have configured services or protocols that use RPC
that might also be accessible from the Internet. Systems administrators are
strongly encouraged to examine RPC ports that are exposed to the Internet and
to either block these ports at their firewall, or apply the patch immediately.


Internet Connection Firewall.
If you are using the Internet Connection Firewall in Windows XP or Windows
Server 2003 to protect your Internet connection, it will by default block
inbound RPC traffic from the Internet.

Disable DCOM on all affected machines
When a computer is part of a network, the DCOM wire protocol enables COM
objects on that computer to communicate with COM objects on other computers.
You can disable DCOM for a particular computer to help protect against this
vulnerability, but doing so will disable all communication between objects on
that computer and objects on other computers.

If you disable DCOM on a remote computer, you will not be able to remotely
access that computer afterwards to reenable DCOM. To reenable DCOM, you will
need physical access to that computer.

To manually enable (or disable) DCOM for a computer:

1. Run Dcomcnfg.exe.


If you are running Windows XP or Windows Server 2003 perform these additional
steps:

Click on the Component Services node under Console Root.
Open the Computers sub-folder.
For the local computer, right click on My Computer and choose Properties.
For a remote computer, right click on the Computers folder and choose New then
Computer. Enter the computer name. Right click on that computer name and choose
Properties.
2. Choose the Default Properties tab.
3. Select (or clear) the Enable Distributed COM on this Computer check box.

4. If you will be setting more properties for the machine, click the Apply
button to enable (or disable) DCOM. Otherwise, click OK to apply the changes
and exit Dcomcnfg.exe.


Patch availability
Download locations for this patch
Windows NT 4.0 Server
Windows NT 4.0 Terminal Server Edition
Windows 2000
Windows XP 32 bit Edition
Windows XP 64 bit Edition
Windows Server 2003 32 bit Edition
Windows Server 2003 64 bit Edition

Additional information about this patch
Installation platforms:

The Windows NT 4.0 patch can be installed on systems running Service Pack 6a.
The Windows NT 4.0, Terminal Server Edition patch can be installed on systems
running Windows NT 4.0, Terminal Server Edition Service Pack 6.
The Windows 2000 patch can be installed on systems running Windows 2000 Service
Pack 3, or Service Pack 4.
The patch for Windows XP can be installed on systems running Windows XP Gold or
Service Pack 1.
The patch for Windows Server 2003 can be installed on systems running Windows
Server 2003 Gold.
Inclusion in future service packs:
The fix for this issue will be included in Windows 2000 Service Pack 5, Windows
XP Service Pack 2, and Windows Server 2003 Service Pack 1.

Reboot needed: Yes.

Patch can be uninstalled: Yes.

Superseded patches: None.

Verifying patch installation:

Windows NT 4.0:
To verify that the patch has been installed on the machine, confirm that all
files listed in the file manifest in Knowledge Base article 823980 are present
on the system.
Windows NT 4.0 Terminal Server Edition:
To verify that the patch has been installed on the machine, confirm that all
files listed in the file manifest in Knowledge Base article 823980 are present
on the system.
Windows 2000:
To verify that the patch has been installed on the machine, confirm that the
following registry key has been created on the machine:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB823980.

To verify the individual files, use the date/time and version information
provided in the file manifest in Knowledge Base article 823980 are present on
the system.

Windows XP:
To verify that the patch has been installed on the machine, confirm that the
following registry key has been created on the machine:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP2\KB823980.

To verify the individual files, use the date/time and version information
provided in the file manifest in Knowledge Base article 823980 are present on
the system.

Windows Server 2003:
To verify that the patch has been installed on the machine, confirm that the
following registry key has been created on the machine:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Window Server 2003\SP1\KB823980.

To verify the individual files, use the date/time and version information
provided in the file manifest in Knowledge Base article 823980 are present on
the system.

Caveats:
None

Localization:
Localized versions of this patch are available at the locations discussed in
“Patch Availability”.

Obtaining other security patches:
Patches for other security issues are available from the following locations:

Security patches are available from the Microsoft Download Center, and can be
most easily found by doing a keyword search for "security_patch".
Patches for consumer platforms are available from the WindowsUpdate web site
Other information:
Acknowledgments
Microsoft thanks The Last Stage of Delirium Research Group for reporting this
issue to us and working with us to protect customers.

Support:

Microsoft Knowledge Base article 823980 discusses this issue and will be
available approximately 24 hours after the release of this bulletin. Knowledge
Base articles can be found on the Microsoft Online Support web site.
Technical support is available from Microsoft Product Support Services. There
is no charge for support calls associated with security patches.
Security Resources: The Microsoft TechNet Security Web Site provides additional
information about security in Microsoft products.

Disclaimer:
The information provided in the Microsoft Knowledge Base is provided "as is"
without warranty of any kind. Microsoft disclaims all warranties, either
express or implied, including the warranties of merchantability and fitness for
a particular purpose. In no event shall Microsoft Corporation or its suppliers
be liable for any damages whatsoever including direct, indirect, incidental,
consequential, loss of business profits or special damages, even if Microsoft
Corporation or its suppliers have been advised of the possibility of such
damages. Some states do not allow the exclusion or limitation of liability for
consequential or incidental damages so the foregoing limitation may not apply.

Revisions:


V1.0 (July 16, 2003): Bulletin Created.
V1.1 (July 18, 2003): Mitigating factors and Workaround section updated to
reflect additional ports.

kuoyichia@hotmail.com
kuoyichia 目前離線  
送花文章: 0, 收花文章: 0 篇, 收花: 0 次
回覆時引用此帖
舊 2003-08-12, 05:42 AM   #8 (permalink)
註冊會員
 
snoopy 的頭像
榮譽勳章
UID - 33737
在線等級: 級別:49 | 在線時長:2676小時 | 升級還需:24小時級別:49 | 在線時長:2676小時 | 升級還需:24小時級別:49 | 在線時長:2676小時 | 升級還需:24小時級別:49 | 在線時長:2676小時 | 升級還需:24小時
註冊日期: 2003-02-02
VIP期限: 2011-06
住址: 台南共和國
文章: 1831
精華: 0
現金: 12744 金幣
資產: 12834 金幣
預設

http://www.slime2.com.tw/forums/show...threadid=59220

參考這裡
snoopy 目前離線  
送花文章: 623, 收花文章: 392 篇, 收花: 1288 次
回覆時引用此帖
發文 回覆


主題工具
顯示模式

發表規則
不可以發文
不可以回覆主題
不可以上傳附加檔案
不可以編輯您的文章

論壇啟用 BB 語法
論壇啟用 表情符號
論壇啟用 [IMG] 語法
論壇禁用 HTML 語法
Trackbacks are 禁用
Pingbacks are 禁用
Refbacks are 禁用


所有時間均為台北時間。現在的時間是 08:26 PM


Powered by vBulletin® 版本 3.6.8
版權所有 ©2000 - 2019, Jelsoft Enterprises Ltd.


SEO by vBSEO 3.6.1