The answer seems to be "it depends". There are really two MSDTC flaws,
CVE-2006-0034 and CVE-2006-1184 that are being discussed. Secunia rates the
cumulative security risk as "Moderately Critical" and weighs the DoS attack as
the dominate effect for modern Windows OSes. FRSIRT rates the cumulat
Hello Nick and people on the list
I have seen 2 servers last month which have been
hacked and actively used to scan TCP 3372 on foreign
IPs
There were servers which had port 3372 accessible
(a firewall rule misconfiguration was making TCP ports
>3000 accessible on the Internet)
I was not able
On 5/15/06, Hayes, Bill <[EMAIL PROTECTED]> wrote:
The CVE-2006-1184 flaw will cause DoS conditions.
The CVE-2006-0034 vulnerability will cause DoS conditions
and is exploitable on older systems. See eEye Digital Security
advisory AD20060509a, "Microsoft Distributed Transaction
Coordinator Heap