Re: lsass.exe worm

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 10/19/04


Date: Mon, 18 Oct 2004 22:10:34 -0400

Lanwench.

I distribute all patches and HotFixes that are corp. requirements via our Login Script which
is based upon the kixtart script Interpreter.

Many OS patches use the syntax: PATCH.EXE -z -n -q

This allows installations that are quiet (no screens), require no reboot and require no
user intervention.

In the situation where there were *multiple* GDI DLL fixes for the JPEG vulnerability, the
above was not the case. In those cases all the patches were self extracting ZIP files. I
used WinZIP to extract the contents of the EXE. The patches were based around OHOTFIX.EXE
and I put that command in the script using its switch parameters.

Since *all* my LAN users must login to the Domain, and run the Login Script, they all get
the updates. If needed, I can reboot the platform using the Kix command: shutdown()

Dave

"Lanwench [MVP - Exchange]" <lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com>
wrote in message news:uQq9P5XtEHA.3872@TK2MSFTNGP15.phx.gbl...
| Selarom De Janerio wrote:
| > we got affected by this today on our 2000 workstations.
| > is there an automated way to push down the updates for this?
| >
| > regards -
|
| Not without SUS or something similar.
| Standard boilerplate follows:
|
| You've been infected by the Sasser worm or variant. This means you didn't
| apply Windows Updates (at least not very recently - patch for this came out
| April 13 2004) and don't have a firewall enabled....
|
| For WinXP: If you can't stop your computer from restarting:
|
| As soon as your computer reboots and Windows loads, click Start, then Run.
| In the box, type the following:
|
| shutdown -a (then click OK)
|
| [for Win2k, shutdown.exe is part of the resource kit and the correct syntax
| is
| shutdown /a]
|
| Then see http://www.microsoft.com/security/incident/sasser.asp and
| http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
|
| McAfee's Stinger tool to remove Sasser: http://vil.nai.com/vil/stinger/
|
| MS removal tool for Windows 2000 SP2 and up, or Windows XP:
| http://support.microsoft.com/default.aspx?scid=kb;EN-US;841720
|
| Enable your XP firewall (or get a third party one if not on XP or even if
| so - www.zonealarm.com has a free one) - if you're on a network, you need a
| good perimeter firewall anyway. Run Windows Update regularly to
| keep your OS patched to the gills. You also need good antivirus software and
| need to keep it updated regularly. As mentioned, the patch for this exploit
| was released April 13th...but there are plenty you do need. Perhaps want to
| enable the autoupdate feature of Windows Update and subscribe to the
| security bulletin announcements at www.microsoft.com/security.
|
|


