Thread: Rpc
11.08.2003, 23:00   #8
ZiP
I suggest visiting http://securityresponse.symantec.com...tent/8205.html. This is apparently a system bug in ALL NT-based versions of Windows. This is exactly that bug; the patches are on that same page, and in my case it helped.



Description

A buffer overrun vulnerability has been reported in Microsoft Windows that can be exploited remotely via a DCOM RPC interface that listens on TCP/UDP port 135. The issue is due to insufficient bounds checking of client DCOM object activation requests. Exploitation of this issue could result in execution of malicious instructions with Local System privileges on an affected system.

This issue may be exposed on other ports that the RPC Endpoint Mapper listens on, such as TCP ports 139, 135, 445 and 593. This has not been confirmed. Under some configurations the Endpoint Mapper may receive traffic via port 80.


Update
7-31-2003: Although spikes in activity have been reported during the past five days, the majority of this scanning activity appears to be isolated to a small number of hosts. Exploit development is continuing, but at this time there is no evidence that successful worms have been developed. Although the level of activity on this port has been climbing steadily since the announcement of the vulnerability a few weeks ago, organizations that have robust filtering, and frequent patch auditing should be relatively safe.


[...]

Recommendations
Block external access at the network boundary, unless service is required by external parties.
Hosts that can send malicious traffic to TCP port 135 can exploit this issue. External access to this port should be filtered at network perimeters. Permit access for trusted or internal hosts and networks only.

Microsoft has released patches to address this issue:
(this is the patch for XP Home and Pro SP1 PL; for other systems, look on the page given above)
http://microsoft.com/downloads/detai...displaylang=pl
__________________
If my post helped you, don't forget about reputation; at least I'll know that someone reads my scribblings and that I'm not exerting myself here for nothing.

Last edited by ZiP : 11.08.2003 at 23:49
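One way to check the quoted recommendation (filter port 135 at the perimeter, permit trusted hosts only) against firewall logs, as an added example that is not part of the original post or the quoted advisory. The log format, the trusted ranges, the sample lines and the scan threshold are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Ports the quoted advisory associates with the RPC Endpoint Mapper.
# Port 80 is left out: the advisory ties it to "some configurations" only.
RPC_PORTS = {135, 139, 445, 593}
# Assumption: the internal/trusted ranges of this example site.
TRUSTED = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Constructed sample log. Assumed format:
# date time action proto src dst sport dport
SAMPLE_LOG = """\
2003-08-11 22:14:03 ALLOW TCP 203.0.113.7 192.168.1.10 4021 135
2003-08-11 22:14:04 ALLOW TCP 203.0.113.7 192.168.1.11 4022 135
2003-08-11 22:14:05 DROP TCP 203.0.113.7 192.168.1.12 4023 135
2003-08-11 22:15:10 ALLOW TCP 192.168.1.20 192.168.1.10 1050 135
2003-08-11 22:16:42 ALLOW TCP 198.51.100.9 192.168.1.10 3388 80
2003-08-11 22:17:00 DROP UDP 198.51.100.9 192.168.1.10 3390 135
garbage line that should be skipped
"""

def is_trusted(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    return any(ip in net for net in TRUSTED)

def audit(log_text, scan_threshold=3):
    """Return (exposed, scanners).

    exposed:  (dst, port) pairs where an untrusted source was ALLOWed through
              to an RPC port, i.e. a gap in perimeter filtering.
    scanners: untrusted sources that touched RPC ports on at least
              scan_threshold distinct destination hosts.
    """
    exposed, targets = set(), defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # not a record in the assumed format
        _, _, action, proto, src, dst, _, dport = fields
        try:
            port = int(dport)
            if is_trusted(src):
                continue
        except ValueError:
            continue  # malformed port or address
        if proto not in ("TCP", "UDP") or port not in RPC_PORTS:
            continue
        targets[src].add(dst)
        if action == "ALLOW":
            exposed.add((dst, port))
    scanners = {s for s, d in targets.items() if len(d) >= scan_threshold}
    return exposed, scanners
```

Any entry in `exposed` marks a host to patch first and a filter rule to tighten; `scanners` lists the few sources doing the probing.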