Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: RPC DCOM Update - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Over the weekend, scanning for the RPC DCOM vulnerability has increased. At least one 'auto-rooter' has been found in the wild. It will install a number of standard backdoors and an irc bot.

So far, the number of sources scanning is not increasing much. We observe 2000-3000 sources each day. This is an indication that there is currently no self replicating code (=worm).

Some question has been raised with respect to the vulnerability of Windows 9x and ME. According to Microsofts advisory, Windows ME is not vulnerable. Windows 9x does not include DCOM by default, but it is available as a free download. Some software, like Kiwi Syslog, requires the installation of RPC DCOM.


please send updates to

76 Posts
Aug 4th 2003

Sign Up for Free or Log In to start participating in the conversation!