There seems to be a massive denial of service attack going on


Mark Jerome
December 14th 03, 11:48 AM
I too am seeing many of my clients' remote PCs going down with these same RPC
and COM+ errors. The NT Authority auto shutdown that everyone is talking
about.

Basically all our users behind a firewall are not experiencing this problem.
Remote users that access the internet and then come to our servers by way of
terminal connection are dropping like flies.
We have lost many systems today, all going down one after another.

These remote systems, since they use slow dialup, were not patched against
this RPC exploit. We are trying to now but MS site seems swamped and we are
unable. Fortunately these people can stay up because they can RAS into our
firewalled site and then use their browser to get the update. Users that
only have internet access can not stay up long enough to get updates.

All systems affected have the MSBlast.exe file that some people have talked
about.

Does any security person know what's going on?

How is the DoS working? Where is it coming from? Any word from Symantec or
McAfee on what msblast.exe is and what other files may have been affected?

Jupiter Jones [MVP]
December 14th 03, 11:50 AM
Mark;
First, IMMEDIATELY disconnect from the internet before a "friend"
leaves a gift on your computer for you.
DO NOT reconnect until this issue is resolved.

Install or enable a firewall immediately.
http://support.microsoft.com/?kbid=283673

Run an updated virus scan.
Or Scan for Viruses online:
http://security.symantec.com/ssc/home.asp?j=1&langid=ie&venid=sym&plfid=23&pkj=IRLFIZTYMWPAZTJWUFJ

Also be sure to update immediately to prevent this in the future:
http://windowsupdate.microsoft.com/

This will tell you more:
http://www.microsoft.com/security/security_bulletins/ms03-026.asp

--
Jupiter Jones [MVP]
An easier way to read newsgroup messages:
http://www.microsoft.com/windowsxp/pro/using/newsgroups/setup.asp
http://dts-l.org/index.html



Mark Jerome
December 14th 03, 12:07 PM
Well, advice is sound but flawed. To fix the computers we need the patch and
we need access to get the NAV updates. Problem right now is how STUPID MS is
doing this and how unprepared they are. I can only find the patch through MS
update and NOT as a single file download. This has immense consequences.

Also for sites where we have lots of users on broadband our problem is that
MS has not provided this patch as a file, which is utterly stupid!!! What
we all want to do is download ONE FILE. Then disconnect the entire site from
the internet. Then apply the patch to all the computers.

The way it is now we have to have each and every PC hit the internet to get
this patch. MS site is so bogged down it takes forever. Before any patch
can be complete the PCs are getting nailed with this BUG. This is a vicious
cycle we can't seem to get out of. Does anyone know where this stupid patch
can be downloaded as a file???




Mark Jerome
December 14th 03, 12:07 PM
Disregard last Post

Here is the file as a single download

http://microsoft.com/downloads/details.aspx?FamilyId=2354406C-C5B6-44AC-9532-3DE40F69C074&displaylang=en



Testy
December 14th 03, 12:07 PM
Maybe you should have properly secured your computers and installed the
patch a month ago when it was available.

Testy


Jupiter Jones [MVP]
December 14th 03, 12:10 PM
Mark;
Microsoft prepared for this.
This vulnerability has been on the news lately.
1. The patch was available weeks ago both by direct download and
Windows Update.
2. Windows XP has a built-in firewall, why was no firewall in place
on your network?
3. Your computer system should have an up-to-date reliable antivirus
application.
At least two of these did not happen.
You need to question the competency of your IT department and perhaps
train them in basic computer security and maintenance.
Until then expect the same thing next time.

--
Jupiter Jones [MVP]