Title: Message
Bingo!  Well said.  Can I add ANYTHING to what Roger has already indicated?
 
Nope.
 
Oh - RPC over HTTP sucks.  And yes - that is a Technical term.  But, then - he pretty much said that in a rather eloquent way.  =)
 

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
 



From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
Sent: Friday, September 12, 2003 6:41 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] New RPC DOS

Actually, RPC over HTTP is one of the scariest concepts I've heard in a long time.
 
"Let's take a very insecure protocol and tunnel it through a protocol that everyone implicitly trusts"
 
RPC at its core was a bad idea, born in a time when everyone on the network trusted everyone else on the network. The same time, for instance, that things like SMTP were developed. When you really get into it, many of today's protocols were based on designs done during that time period.
 
Roger
--------------------------------------------------------------
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
-----Original Message-----
From: Chianese, David P. [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 11, 2003 2:45 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] New RPC DOS

RPC over http is an absolute dream come true.  Exchange 2003 boasts this feature extensively.  I plan on implementation early 1st Qtr. next year.  (Right after our E2k upgrade is completed).
 
 
Regards,
 
Dave
-----Original Message-----
From: Michael B. Smith [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 11, 2003 2:38 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] New RPC DOS

People have been talking about the long-term future of MAPI since at least Exchange 4.0. :-)

 


From: Bendall, Paul [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 11, 2003 1:57 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] New RPC DOS

 

Yeah I saw that with Windows 2003, Exchange 2003 and Outlook 2003 you can use MAPI over HTTP. But I wonder how secure this is going to be and what the long term future of MAPI is?

 

Paul

-----Original Message-----
From: Ken Cornetet [mailto:[EMAIL PROTECTED]
Sent: 11 September 2003 18:43
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] New RPC DOS

They are going to start encapsulating MAPI in HTTP.

-----Original Message-----
From: Bendall, Paul [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 11, 2003 11:59 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] New RPC DOS

How about IMAP? Microsoft seemed very quiet about MAPI when Exchange 2000 came out. I wonder what the long term plan is for MAPI?

 

Paul

-----Original Message-----
From: Andy David [mailto:[EMAIL PROTECTED]
Sent: 11 September 2003 17:29
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] New RPC DOS

All MAPI clients use RPC to communicate with the server, whether 5.5 or E200x.

 

----- Original Message -----

Sent: Thursday, September 11, 2003 11:18 AM

Subject: RE: [ActiveDir] New RPC DOS

 

But if you use applications like Outlook with Exchange 5.5 then you can't communicate.

 

-----Original Message-----
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 11, 2003 9:41 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] New RPC DOS

 

The solution is to do away with RPC entirely - but that's a major rewrite of things. On the other hand, I have plenty of Unix boxes running with RPC disabled and they run fine.

 

Let's remember RPC's major functionality can be replaced, but that's at the expense of more complex application design.

 

Roger

--------------------------------------------------------------
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc

-----Original Message-----
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 11, 2003 12:22 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] New RPC DOS

Todd,

 

>> Anyone have a clue as to how Microsoft plans to fix the RPC system to make it more secure?

 

Concentrate maybe one or two more people on looking at error checking on the input into the arrays/buffers in the RPC code?  ;op

 

I mean, really - a vuln lies around waiting for someone to find it for years, and in this short of a time 3 more vulns are found in roughly the same area, just different vectors?  I sure hope that there is a team poring over the code that makes up RPC.

 

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
 

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CIT)
Sent: Wednesday, September 10, 2003 2:15 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] New RPC DOS

Our Microsoft TAM notified us of this new issue. I waited to give them time to publish it to the various news sites.

 

At 9AM PST, PSS will be announcing a new critical security bulletin (MS03-039).   This bulletin will address an RPC denial-of-service vulnerability in Windows products.    Please take the time today to go to the www.microsoft.com/security site to obtain the patch and directions for implementation.    Just trying to help you stay one step ahead!

 

I think it is very important to get this update on all your DCs, even if they are behind a firewall, ASAP.  We managed to mitigate Blaster but these RPC DOS are starting to get really nasty.

 

Anyone have a clue as to how Microsoft plans to fix the RPC system to make it more secure?

 

Thanks,

 

Todd Myrick



----------------------------------------------------------------------
If you have received this e-mail in error or wish to read our e-mail
disclaimer statement and monitoring policy, please refer to
http://www.drkw.com/disc/email/ or contact the sender.
----------------------------------------------------------------------






This e-mail and any accompanying attachments are confidential. The information is intended solely for the use of the individual to whom it is addressed. Any review, disclosure, copying, distribution, or use of this e-mail communication by others is strictly prohibited. If you are not the intended recipient, please notify us immediately by returning this message to the sender and delete all copies. Thank you for your cooperation.
