10-13-2003 03:34 PM - edited 03-09-2019 05:08 AM
Rumors have been circulated about a worm/virus named Pink Floyd that reportedly exploits an additional vulnerability related to the Microsoft Advisory MS03-039 concerning the MS RPC service. It is further reported that even patched systems are vulnerable. Exploits have been released to the Internet which allegedly use this weakness. Cisco has tested these exploits and found that signature 3330 (Windows RPCSS Overflow II) detects their presence. Microsoft is expected to comment on these rumors. Due to the uncertain nature of these facts, it is recommended that special scrutiny be given to any 3330 alarms occurring in your network for the near future.
10-14-2003 10:16 AM
This worm claims to only DOS the target box. I have yet to see a reply to my post on Bugtraq, but if the worm exploits MS03-039, and only DOSs the target, what then is the propagation mechanism of this supposed worm?
10-14-2003 10:33 AM
Lifted from a Microsoft bulletin:
"...Exploit code currently available will provide a remote shell to an unpatched system. If the system has been patched with Microsoft Security Bulletin MS03-039, the system will not be compromised but may experience a Denial of Service. The Microsoft Security Response Center is actively investigating the issue of the Denial of Service."
SC
10-14-2003 12:02 PM
Which bulletin is that?
10-14-2003 12:27 PM
It's from one of their Premium Support Service updates...not a security bulletin per se.