If you are an avast user, you might have seen this message popping up on your computer every few minutes. Read on to understand what it really means and how to stop it from popping up.
Network Shield: blocked “DCOM Exploit”
DCOM (Distributed Component Object Model) is a Windows protocol that lets developers write software components that inter-operate directly over the network. It may be essential for organizations and corporate networks, but not necessarily for home users.
It runs by default on Windows computers.
How to overcome this annoying message?
Follow these steps.
a. The first reply that any security person or administrator would give you is “Patch your Windows up to date”. Install all the latest patches released by Microsoft for your operating system. Once Windows is updated, you need not worry much about this attack, but remember that you may still receive the pop-up window, because the patch does not disable DCOM.
b. Download and run a small (29 kbyte) “DCOMbob.exe” utility. It will display the “DCOMbobulator?” information page to explain its operation, with two additional page tabs as shown in the screen shot above: “Am I Vulnerable?” to test the current state of your system’s DCOM facility and “DCOMbobulate Me!” to allow you to disable or re-enable DCOM as you choose.
(Optional) If you do not trust the above tool to test whether your computer is vulnerable to the DCOM threat, use this Microsoft tool to check your computer's status: the KB824146scan.exe tool.
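The same three questions (is DCOM switched on, is the patch listed, is the RPC port open) can also be checked by hand. The script below is an added example, not part of DCOMbobulator or the Microsoft scanner; it assumes PowerShell 3.0 or later, and the function name Get-DcomExposure is made up for this illustration.

```powershell
# Added example: read-only report of local DCOM/RPC exposure. It changes nothing.
function Get-DcomExposure {
    # Machine-wide DCOM switch: a REG_SZ value, "Y" = enabled, "N" = disabled.
    $ole = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole' -ErrorAction SilentlyContinue
    $enableDcom = '(not set)'
    if ($ole -and $ole.PSObject.Properties['EnableDCOM']) {
        $enableDcom = [string]$ole.EnableDCOM
    }

    # The patch that KB824146scan.exe looks for. Windows releases that already
    # include the fix do not list this KB, so False alone does not mean vulnerable.
    $hotfix = Get-HotFix -Id 'KB824146' -ErrorAction SilentlyContinue

    # Local TCP listeners on port 135, the RPC endpoint mapper that DCOM relies on.
    $listeners = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().GetActiveTcpListeners()
    $rpc = @($listeners | Where-Object { $_.Port -eq 135 } | ForEach-Object { $_.ToString() })

    [pscustomobject]@{
        EnableDCOM       = $enableDcom
        DcomDisabled     = ($enableDcom -eq 'N')
        KB824146Listed   = [bool]$hotfix
        Port135Listeners = ($rpc -join ', ')
    }
}

Get-DcomExposure | Format-List
```

A change to EnableDCOM takes effect only after a restart, so re-run the check after rebooting.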
Microsoft describes what an attacker can do if your computer is vulnerable to the DCOM threat:
An attacker who successfully exploited this vulnerability could gain complete control over a remote computer. This would give the attacker the ability to take any action on the server that they want. For example, an attacker could change Web pages, reformat the hard disk, or add new users to the local administrators group.
To carry out such an attack, an attacker would require the ability to send a malformed message to the RPC service and thereby cause the target machine to fail in such a way that arbitrary code could be executed.