There seems to be a massive denial of service attack going on

> I too am seeing many of my clients remote PC's going down with this

> and COM+ errors. The NT Authority auto shutdown that everyone is

> about.
>
>
> Basically all our users behind a firewall are not experiencing this

> Remote users that acces the interent and then come to our servers by

> terminal connection are dropping like flies.
> We have lost many systems today all going down one after another.
>
> These remote systems, since they use slow dialup were not patched

> this RPC exploit. We are trying to now but MS site seems swamped and

> unable. Fortunately these people can stay up because they can RAS

> firewalled site and then user their browser to get the update. Users

> only have internet access can not stay up long enough to get

>
> All systems affected have the MSBlast.exe file that some poeple have

> about.
>
> Does any security person know whats going on?
>
> How is the DOS working? Where is it coming from? Any word from

> Macafee on what msblast.exe is and what other files may have been

>
>
>

> it seem to me that it is a virus, I don't know what ms is
> doing about this issue I just receive this patch for the
> hole the virus is getting in through. Our phones jumped
> off the hook about 10 minutes when I came into work. I
> came here to see what was going on and I saw all these
> people with the same issues... IS THERE ANYTHING i CAN DO
> TO HELP ??? i COULD I EMAIL YOU ANYTHING?
>
> -RAINIE

> >-----Original Message-----
> >I too am seeing many of my clients remote PC's going down

> with this same RPC

> >and COM+ errors. The NT Authority auto shutdown that

> everyone is talking

> >about.
> >
> >
> >Basically all our users behind a firewall are not

> experiencing this problem.

> >Remote users that acces the interent and then come to our

> servers by way of

> >terminal connection are dropping like flies.
> >We have lost many systems today all going down one after

> another.

> >
> >These remote systems, since they use slow dialup were not

> patched against

> >this RPC exploit. We are trying to now but MS site seems

> swamped and we are

> >unable. Fortunately these people can stay up because

> they can RAS into our

> >firewalled site and then user their browser to get the

> update. Users that

> >only have internet access can not stay up long enough to

> get updates.

> >
> >All systems affected have the MSBlast.exe file that some

> poeple have talked

> >about.
> >
> >Does any security person know whats going on?
> >
> >How is the DOS working? Where is it coming from? Any word

> from Symantec or

> >Macafee on what msblast.exe is and what other files may

> have been affected?

> >
> >
> >
> >.
> >

> Mark;
> First, IMMEDIATELY disconnect from the internet before a "friend"
> leaves a gift on your computer for you.
> DO NOT reconnect until this issue is resolved.
>
> Install or enable a firewall immediately.
> http://support.microsoft.com/?kbid=283673
>
> Run an updated virus scan.
> Or Scan for Viruses online:
>

>
> Also be sure to update immediately to prevent this in the future:
> http://windowsupdate.microsoft.com/
>
> This will tell you more:
> http://www.microsoft.com/security/se...s/ms03-026.asp
>
> --
> Jupiter Jones [MVP]
> An easier way to read newsgroup messages:
> http://www.microsoft.com/windowsxp/p...oups/setup.asp
> http://dts-l.org/index.html
>
>
> "Mark Jerome" <mdjerome@hotmail.com> wrote in message
> news:eavdZnEYDHA.2548@TK2MSFTNGP09.phx.gbl...

> > I too am seeing many of my clients remote PC's going down with this

> same RPC

> > and COM+ errors. The NT Authority auto shutdown that everyone is

> talking

> > about.
> >
> >
> > Basically all our users behind a firewall are not experiencing this

> problem.

> > Remote users that acces the interent and then come to our servers by

> way of

> > terminal connection are dropping like flies.
> > We have lost many systems today all going down one after another.
> >
> > These remote systems, since they use slow dialup were not patched

> against

> > this RPC exploit. We are trying to now but MS site seems swamped and

> we are

> > unable. Fortunately these people can stay up because they can RAS

> into our

> > firewalled site and then user their browser to get the update. Users

> that

> > only have internet access can not stay up long enough to get

> updates.

> >
> > All systems affected have the MSBlast.exe file that some poeple have

> talked

> > about.
> >
> > Does any security person know whats going on?
> >
> > How is the DOS working? Where is it coming from? Any word from

> Symantec or

> > Macafee on what msblast.exe is and what other files may have been

> affected?

> >
> >
> >

>
>

> Mark;
> First, IMMEDIATELY disconnect from the internet before a "friend"
> leaves a gift on your computer for you.
> DO NOT reconnect until this issue is resolved.
>
> Install or enable a firewall immediately.
> http://support.microsoft.com/?kbid=283673
>
> Run an updated virus scan.
> Or Scan for Viruses online:
>

>
> Also be sure to update immediately to prevent this in the future:
> http://windowsupdate.microsoft.com/
>
> This will tell you more:
> http://www.microsoft.com/security/se...s/ms03-026.asp
>
> --
> Jupiter Jones [MVP]
> An easier way to read newsgroup messages:
> http://www.microsoft.com/windowsxp/p...oups/setup.asp
> http://dts-l.org/index.html
>
>
> "Mark Jerome" <mdjerome@hotmail.com> wrote in message
> news:eavdZnEYDHA.2548@TK2MSFTNGP09.phx.gbl...

> > I too am seeing many of my clients remote PC's going down with this

> same RPC

> > and COM+ errors. The NT Authority auto shutdown that everyone is

> talking

> > about.
> >
> >
> > Basically all our users behind a firewall are not experiencing this

> problem.

> > Remote users that acces the interent and then come to our servers by

> way of

> > terminal connection are dropping like flies.
> > We have lost many systems today all going down one after another.
> >
> > These remote systems, since they use slow dialup were not patched

> against

> > this RPC exploit. We are trying to now but MS site seems swamped and

> we are

> > unable. Fortunately these people can stay up because they can RAS

> into our

> > firewalled site and then user their browser to get the update. Users

> that

> > only have internet access can not stay up long enough to get

> updates.

> >
> > All systems affected have the MSBlast.exe file that some poeple have

> talked

> > about.
> >
> > Does any security person know whats going on?
> >
> > How is the DOS working? Where is it coming from? Any word from

> Symantec or

> > Macafee on what msblast.exe is and what other files may have been

> affected?

> >
> >
> >

>
>

> Well advise is sound but flawed. TO fix the computers we need the patch

> we need acces to get the NAV updates. Problems right now is how STUPID MS

> doing this and how unpapared they are. I can only find the patch through

> update and NOT as a single file download. THis has immense consequences
>
> Also for sites where we have lots of users on broadband our problem is

> MS has not provided this patch as a file which is utterly stupid!!! What
> we all want to do is download ONE FILE. Then disconnect the entire site

> the internet. Then apply the patch to all the computers.
>
> The way it is now we have to have each and every PC hit the internet to

> this patch. MS site is so bogged down it takes for ever. Before any patch
> can be complete the PC's are getting nailed with this BUG. this is a

> cycle we can't seem to get out of. Does anyone know where this stupid

> can be downloaded as a file???
>
>
>
> "Jupiter Jones [MVP]" <jones_jupiter@hotnomail.com> wrote in message
> news:%23PsBqeFYDHA.1620@TK2MSFTNGP12.phx.gbl...

> > Mark;
> > First, IMMEDIATELY disconnect from the internet before a "friend"
> > leaves a gift on your computer for you.
> > DO NOT reconnect until this issue is resolved.
> >
> > Install or enable a firewall immediately.
> > http://support.microsoft.com/?kbid=283673
> >
> > Run an updated virus scan.
> > Or Scan for Viruses online:
> >

>

> >
> > Also be sure to update immediately to prevent this in the future:
> > http://windowsupdate.microsoft.com/
> >
> > This will tell you more:
> > http://www.microsoft.com/security/se...s/ms03-026.asp
> >
> > --
> > Jupiter Jones [MVP]
> > An easier way to read newsgroup messages:
> > http://www.microsoft.com/windowsxp/p...oups/setup.asp
> > http://dts-l.org/index.html
> >
> >
> > "Mark Jerome" <mdjerome@hotmail.com> wrote in message
> > news:eavdZnEYDHA.2548@TK2MSFTNGP09.phx.gbl...

> > > I too am seeing many of my clients remote PC's going down with this

> > same RPC

> > > and COM+ errors. The NT Authority auto shutdown that everyone is

> > talking

> > > about.
> > >
> > >
> > > Basically all our users behind a firewall are not experiencing this

> > problem.

> > > Remote users that acces the interent and then come to our servers by

> > way of

> > > terminal connection are dropping like flies.
> > > We have lost many systems today all going down one after another.
> > >
> > > These remote systems, since they use slow dialup were not patched

> > against

> > > this RPC exploit. We are trying to now but MS site seems swamped and

> > we are

> > > unable. Fortunately these people can stay up because they can RAS

> > into our

> > > firewalled site and then user their browser to get the update. Users

> > that

> > > only have internet access can not stay up long enough to get

> > updates.

> > >
> > > All systems affected have the MSBlast.exe file that some poeple have

> > talked

> > > about.
> > >
> > > Does any security person know whats going on?
> > >
> > > How is the DOS working? Where is it coming from? Any word from

> > Symantec or

> > > Macafee on what msblast.exe is and what other files may have been

> > affected?

> > >
> > >
> > >

> >
> >

>
>

> Well advise is sound but flawed. TO fix the computers we need the

> we need acces to get the NAV updates. Problems right now is how

> doing this and how unpapared they are. I can only find the patch

> update and NOT as a single file download. THis has immense

>
> Also for sites where we have lots of users on broadband our problem

> MS has not provided this patch as a file which is utterly stupid!!!

> we all want to do is download ONE FILE. Then disconnect the entire

> the internet. Then apply the patch to all the computers.
>
> The way it is now we have to have each and every PC hit the internet

> this patch. MS site is so bogged down it takes for ever. Before any

> can be complete the PC's are getting nailed with this BUG. this is a

> cycle we can't seem to get out of. Does anyone know where this

> can be downloaded as a file???