Additional Considerations
Critical vulnerabilities such as the RPC/DCOM exploit generally require more than one type of protection. As previously noted, at least one tester has indicated that the MS03-026 patch may still leave systems vulnerable to a DoS attack. Likewise, firewall protection can be circumvented by introducing the exploit internally. While disabling DCOM may be an excellent workaround for many home users, it can be less than ideal in a corporate environment where remote access is required. Antivirus software is generally ineffective when new worms are first introduced, and the system may be compromised before updates become available. Thus it is imperative to employ as many of these solutions as is reasonably possible. If the system can be safely patched, patch it as a first line of defense. Employ good firewall protection. Keep antivirus definitions up to date. Disable DCOM where feasible.
In his article "Waiting for the Worms," Tim Mullen begins: "The hole's been announced, the patch has been released. Now there's nothing to do but wait for the worm to come and wreak its ugly havoc." While it's impossible to say when, or even if, the worm will come, history has shown that such vulnerabilities are quickly exploited. In the case of the RPC/DCOM flaw, the potential for damage is great. As Tim points out, there must be a "distribution of responsibility when it comes to security." Perhaps if enough users realize their responsibility in securing their corner of cyberspace, not only will the risk to their own systems be mitigated, but the threat to the entire Internet will be drastically reduced.