Windows Server 2003's Distributed Component Object Model (DCOM) portion of the RPC protocol contains a flaw, which the recent MS Blaster worm exploited. One method for protecting a server is disabling the DCOM service on your affected systems.
However, you should first perform a complete analysis of your systems. You should only use this method if you have no other way to quickly protect your server and haven't yet installed the RPC patch.
Before taking this step, make sure you consider all of the ramifications. Some of these include:
- Third-party applications dependent on DCOM will stop working.
- COM objects that support remote activation may stop working.
- Windows Management Instrumentation queries against remote systems may stop working.
To disable the DCOM service, follow these steps:
- Go to Start | Administrative Tools | Component Services.
- Choose Component Services | Computers.
- Right-click My Computer, and choose Properties.
- On the Default Properties tab, deselect the Enable Distributed COM On This Computer check box.
- Click OK, and close the Component Services window.
Be careful if you take this step. It's highly recommended that you enable DCOM functionality after you've properly patched the vulnerability.
