Read on to determine if RPC over HTTP is installed and if it is how to secure your server against any attack that exploits this vulnerability.

The DCOM exploits present in Windows Server 2003, referenced in Microsoft Security Bulletin MS03-039 and CERT Advisory CA-2003-19, are also present in the RPC over HTTP interface.

This interface is not installed by default, but can be added using the Add / Remove Programs control panel applet.

To determine if RPC over HTTP is installed:

1. In Control Panel, click Add / Remove Programs.
2. Click Add / Remove Windows Components.
3. Click Networking Services, then click Details.
4. If the RPC over HTTP Proxy box is checked, then RPC over HTTP is installed on the server.

DCOM is a protocol than can be used oon top of RPC over HTTP. By default, any server with RPC over HTTP installed will accept DCOM requests using this protocol. Accepted DCOM requests are then sent to TCP port 593.

Security best practices demand the disabling or removal of all non-essential components and services. DCOM support within RPC over HTTP can be removed by modifying the registry.

To remove DCOM support within RPC over HTTP:

1. Use a registry editing tool to navigate to the following key: HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy
2. Locate the ValidPorts value.
3. By default, the value will contain the following entry: :100-5000This allows RPC over HTTP to use TCP ports 100 through 5000. As DCOM uses TCP port 593, we can disable it as follows:
4. Edit the ValidPorts value to contain the following: :100-592;:594-5000
5. Remove or amend any other entries that contain reference to TCP port 593 or port ranges spanning TCP port 593 in the manner demonstrated above.

When you remove entries for port 593, you prevent DCOM from being used through the RPC over HTTP protocol, but RPC programs (like the Outlook 2003 client) are permitted to connect to the RPC server (Exchange 2003 Server) through RPC over HTTP. More information on RPC over HTTP can be found on the Microsoft website.

A network is two or more computers linked together in order to share data. From a security standpoint, the problem with networks is that unauthorized individuals might also be able to access that data. Network security is a term that encompasses your overall system for keeping your network as impenetrable as possible, be it hardware, software, or company policies.

Whether your network consists of two computers or two hundred computers, there are certain basic security measures you should have in place. Most of these measures aren’t complicated or expensive, and they don’t require any particular expertise in networking or computer security.

One of the most basic steps for securing your network is to have anti-virus software in place. Anti-virus software periodically sweeps your computer looking for known viruses. You can also choose to run a anti-virus test at any time. Once run, the software generates a report that lists the viruses detected. You are then able to select which, if any, of the viruses detected you want quarantined and removed. It’s more important that you keep your software up to date because new viruses are created and released every day.

Next, make sure you have a firewall in place. A firewall is like a gatekeeper. It’s a hardware/software combination that allows you to decide what goes in and out of your network. You determine the “trust level” to which your firewall is set. The trust level dictates which network connections will be automatically allowed and which will require specific permission. Firewalls come with a “default” setting which is unlikely to be stringent enough to meet your security needs. For optimum security, you should always manually set the trust settings to a higher degree of scrutiny.

Firewalls and anti-virus software are essential for another very important reason: they help protect your system from adware and spyware. Adware and spyware range from annoying to very dangerous. Adware slows down your system, and generates irritating pop-up ads that interfere with your work. Spyware is much more serious. It tracks your computer usage habits, and basically opens up a door to your network that allows hackers to penetrate your system without your knowing it.

Another simple measure is to regularly download patches for your software. Computer programs are tested for vulnerabilities and possible exploits before they are distributed to the public. However, it’s impossible to detect every single vulnerability in advance. As new exploits are discovered, companies “patch” their programs and software to prevent the exploitation of that vulnerability. Without these patches, the software and programs on your computer remain vulnerable.

Network security also depends on common sense. Weak passwords can cause big problems, but are easily avoided. Never use easy-to-guess passwords like your last name, phone number, or birth date. Always use a combination of letters and numbers. Your best bet is to avoid real words altogether and use a string of numbers and letters that stand for a saying or phrase you can easily remember.

Another common sense security measure is to delete suspicious-looking email. More importantly, never open or download an attachment from an email address you don’t recognize. Doing so could be inviting a virus right into your computer. When in doubt, follow this simple rule: delete without opening.

If your business, you should also put in place security policies to govern the behavior of authorized users. Even authorized users can pose a serious security risk, sometimes without realizing it. For instance, “I love to dance, I love to sing” could be “1L2D1L2S,” with the number 1 replacing the letter I.

Here are a few elements of a solid network security policy:

• Require your employees to change their passwords every 3 months.
• Do not allow employees to post their passwords on their desk or cubicle
• Immediately terminate a departing employee’s access to your network.
• Operate on the computer network equivalent to the “need to know” basis. Only allow an employee access to the programs and data that are essential to his or her job.
• Put all of your security guidelines down in writing, and post them where all of your employees can see them.

You want your network security policy to be tight, but not completely rigid. That is, if a given security measure is proving to be unworkable or a serious inconvenience, be willing to adjust. You can often achieve the same result through different means.

Last, but certainly not least, review your network security on a regular basis. A network that’s secure today may not be secure a few months down the road. Hackers are smart and are constantly developing ways to bypass security measures. Be smarter than the hackers by staying on the cutting edge of network security technology.

About the author

By: Paul Walsh

Article Directory: http://www.articledashboard.com

Paul Walsh www.protocolsolutions.co.uk

MySQL is prone to multiple vulnerabilities, including privilege-escalation and denial-of-service issues.

Exploiting the privilege-escalation vulnerability may allow attackers to perform certain actions with elevated privileges. Successful exploits of the denial-of-service issue will cause the database server to crash, denying service to legitimate users.

These issues affect versions prior to MySQL 5.0.52, MySQL 5.1.23, and MySQL 6.0.4.

To exploit these issues, attackers can use standard database client software in conjunction with standard operating system utilities.

Solution:
The vendor released updates to address these issues. Please see the references for more information.
Note that MySQL 6.0.4 and 5.1.23 have not been released yet.

I am sure most of you by now know there is a LKM (Loadable Kernel Module) exploit that is nasty and hard as heck to clean.

Read this thread at Webhosting Talk. Make sure you read it through as there is a users there that has investigated several boxes.

The original story first broke a week or so ago at TheRegister and then again a couple days ago at TheChannelRegister.

Now it seems this problem is not easily fixable yet it is very easy for your server to be infected if you are targeted.

Here is where Windows comes into this. The injected javascript looks for exploit, some already patched and one that is new. If you run any of the vulnerable software on your home computer you could be exploited and not even know it.
The vulnerable lie in these components and software

MSIE ADODB

VML

MSIE WebViewFolderIcon

MSIE RealPlayer

QuickTime

AOL Superbuddy

The first 4 are directly related to IE and were patched a while ago. Although patched some people don’t keep up so they’ll get infected.
I’m not familiar with AOL SuperBuddy so I don’t know if it is patched.

The QuickTime exploit is new as of Jan. 10TH and the alert was revised today, Jan 18TH. and affects the QuickTime Updater as well as Qucktime.

In conclusion if you have a server check the sites on it for inclusion of random javascript. Read the article or thread at WHT so you’ll know what to look for. If you’re on a shared host make sure your site isn’t serving the js.

For people using IE, I’m not sure if Firefox will make you vulnerable and from what I’ve read no one knows, make sure you either shutoff javascript or make sure all exploits are fixed. Uninstall Quicktime and QuickTime Updater. If you have it installed and make sure QuickTime is patched with the patched with the newest versions.

I hope no one that reads this is exploited.