DCOM error

Discussion in 'other security issues & news' started by analyzer, Aug 20, 2003.

Thread Status:
Not open for further replies.
  1. analyzer

    analyzer Registered Member

    Joined:
    Jul 15, 2003
    Posts:
    14
    Can anyone tell me what cause this error msg ? I got 3 of them this morning.
    Does this has anything to do with RPC exploit or somebody is trying to portscan my pc ?

    Event Type: Error
    Event Source: DCOM
    Event Category: None
    Event ID: 10003
    Date: 8/20/2003
    Time: 9:46:17 AM
    User: N/A
    Computer: XXXXXX
    Description:
    Access denied attempting to launch a DCOM Server using
    DefaultLaunchPermssion. The server is:
    {00020906-0000-0000-C000-000000000046}
    The user is Unavailable/Unavailable, SID=Unavailable.

    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,878
    Location:
    New England
    I haven't seen that specific event, but, I'm wondering what your system setup is... What is your Windows version? XP? Do you have a firewall or an external router protecting your RPC port (TCP port 135)?

    If you don't, I can imagine that one of the current worms was connecting to your port 135 and trying to infect you and perhaps that's the error it generated. If this is the case, the solution is use some form of firewall. If you already have a firewall, have you tested it to make sure port 135 is being blocked?

    Another possibility would involve something running locally on your system attempting to access DCOM locally and also generating that type of error. Have you run a good anti-virus scan recently?
     
  3. analyzer

    analyzer Registered Member

    Joined:
    Jul 15, 2003
    Posts:
    14
    I'm using WinXP Pro SP1 and I already had RPC patch installed 2 weeks ago.Nope I don't have firewall on this system as I'm on dialup connection.

    I've do some seaching on the net using the string "{00020906-0000-0000-C000-000000000046}" and found it's possible related to Ms word.
     
  4. Finn McCool

    Finn McCool Registered Member

    Joined:
    Mar 3, 2003
    Posts:
    49
    Location:
    New Orleans
    If you're running IIS, this article may apply:
    http://support.microsoft.com/default.aspx?kbid=290398
     
Thread Status:
Not open for further replies.