DCOMbobulator announce

[YoKenny]

The quote from The Langa List:

"The DCOMbobulator does two things:
* It allows any Windows user to easily test and verify that their Windows'
DCOM system *has* been correctly patched to eliminate the serious remote
exploit vulnerability which recently brought us all of the MSBlast Internet
worm excitement. We have confirmed reports that Microsoft's patch sometimes
does not "take", leaving Windows still vulnerable. The DCOMbobulator let's
anyone check any local Windows system.
* Secondly, and really most importantly, since virtually NO ONE needs (or
has ever needed) to have DCOM running, the DCOMbobulator allows any Windows
user to safely and easily disable DCOM and unbind it from port 135. I do a
comprehensive job of this on ALL versions of Windows, so that if the Windows
Task Scheduler and the "Distributed Transaction Coordinator" (MSDTC)
services -- which both also use port 135 -- are also disabled, Windows TCP
port 135 will finally be closed. )"

http://www.langa.com/current.htm#2

Quote from the grc.com site:

"Our 29 kbyte "DCOMbobulator" allows any Windows user
to quickly check their system's DCOM vulnerability, then
simply shut down the unnecessary DCOM security risk. "

http://grc.com/dcom/

 

[Ramesh]

This utility disables the DCOM Support in the registry
(EnableDCOMSuppor=No). Refer MSKB article " Disabling DCom support in
windows"

--
Regards,
Ramesh
(e-mail address removed)


The quote from The Langa List:

"The DCOMbobulator does two things:
* It allows any Windows user to easily test and verify that their Windows'
DCOM system *has* been correctly patched to eliminate the serious remote
exploit vulnerability which recently brought us all of the MSBlast Internet
worm excitement. We have confirmed reports that Microsoft's patch sometimes
does not "take", leaving Windows still vulnerable. The DCOMbobulator let's
anyone check any local Windows system.
* Secondly, and really most importantly, since virtually NO ONE needs (or
has ever needed) to have DCOM running, the DCOMbobulator allows any Windows
user to safely and easily disable DCOM and unbind it from port 135. I do a
comprehensive job of this on ALL versions of Windows, so that if the Windows
Task Scheduler and the "Distributed Transaction Coordinator" (MSDTC)
services -- which both also use port 135 -- are also disabled, Windows TCP
port 135 will finally be closed. )"

http://www.langa.com/current.htm#2

Quote from the grc.com site:

"Our 29 kbyte "DCOMbobulator" allows any Windows user
to quickly check their system's DCOM vulnerability, then
simply shut down the unnecessary DCOM security risk. "

http://grc.com/dcom/

 

[YoKenny]

This utility disables the DCOM Support in the registry
(EnableDCOMSuppor=No). Refer MSKB article " Disabling DCom support in
windows"

http://support.microsoft.com/default.aspx?scid=kb;en-us;825750

The DCOMbobultator also varifies that the fix that closes the DCOM exploit
is correctly applied. It also gives a good description of why port 135 is
held open. This is one reason that people should install a firewall
nowadays.
Many people are afraid or unaware of how to use regedit so a small utility
like this makes it easy. The Shoot The Messenger is a similar application
but I do not recommend it as the real problem is that the ports used to send
Messenger spam are still open. UnPlug n' Pray is another good utility.
http://grc.com/freepopular.htm