Page 1 of 1

Known vulnerabilities in Windows

PostPosted: Sat Nov 22, 2008 10:40 am
by mln
Most of the worms, in particular the most famous, use known vulnerabilities in Windows services which are enabled by default and that often can’t be disabled via the OS’s configuration.
Even with these services patched with Microsoft security fixes, they are still exposed to the Internet at large ready to be exploited by the next exploit.

These ports attack the service even before our Escan or Econceal service starts.

It is advisable to close them.

These ports/services on client side are :

* DCOM RPC (listen on port 135) MS03-026
* RPC Locator (port 445) MS03-001, MS04-011
* NetBIOS (ports 137/138/139) MS03-049
* UPNP (port 5000) MS01-059
* Messenger service (uses RPC/NetBIOS ports) MS03-043

An example of server side ports/services :

* WebDAV on IIS server (port 80) MS03-007
* SQL Server 2000 (port 1434) MS02-061

We can close these ports using

http://www.firewallleaktester.com/tools/wwdc.exe