Re: lsass.exe worm

From: Lanwench [MVP - Exchange] (lanwench_at_heybuddy.donotsendme.unsolicitedmail.atyahoo.com)
Date: 10/19/04


Date: Mon, 18 Oct 2004 22:26:04 -0400

David H. Lipman wrote:
> Lanwench.
>
> I distribute all patches and HotFixes that are corp. requirements via
> our Login Script which is based upon the kixtart script Interpreter.
>
> Many OS patches use the syntax: PATCH.EXE -z -n -q
>
> This allows installations that are quiet (no screens), require no
> reboot and require no user intervention.
>
> In the situation where there were *multiple* GDI DLL fixes for the
> JPEG vulnerability, the above was not the case. In those cases all
> the patches were self-extracting ZIP files. I used WinZIP to extract
> the contents of the EXE. The patches were based around OHOTFIX.EXE
> and I put that command in the script using its switch parameters.
>
> Since *all* my LAN users must login to the Domain, and run the Login
> Script, they all get the updates. If needed, I can reboot the
> platform using the Kix command: shutdown()
>
> Dave

Sounds excellent! Personally, I like SUS...but if your method works for you,
good on ya. :)

>
> "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in
> message news:uQq9P5XtEHA.3872@TK2MSFTNGP15.phx.gbl...
>> Selarom De Janerio wrote:
>>> we got affected by this today on our 2000 workstations.
>>> is there an automated way to push down the updates for this?
>>>
>>> regards -
>>
>> Not without SUS or something similar.
>> Standard boilerplate follows:
>>
>> You've been infected by the Sasser worm or variant. This means you
>> didn't apply Windows Updates (at least not very recently - patch for
>> this came out April 13 2004) and don't have a firewall enabled....
>>
>> For WinXP: If you can't stop your computer from restarting:
>>
>> As soon as your computer reboots and Windows loads, click Start,
>> then Run. In the box, type the following:
>>
>> shutdown -a (then click OK)
>>
>> [for Win2k, shutdown.exe is part of the resource kit and the correct
>> syntax is
>> shutdown /a]
>>
>> Then see http://www.microsoft.com/security/incident/sasser.asp and
>> http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
>>
>> McAfee's Stinger tool to remove Sasser:
>> http://vil.nai.com/vil/stinger/
>>
>> MS removal tool for Windows 2000 SP2 and up, or Windows XP:
>> http://support.microsoft.com/default.aspx?scid=kb;EN-US;841720
>>
>> Enable your XP firewall (or get a third party one if not on XP or
>> even if so - www.zonealarm.com has a free one) - if you're on a
>> network, you need a good perimeter firewall anyway. Run Windows
>> Update regularly to keep your OS patched to the gills. You also need
>> good antivirus software and need to keep it updated regularly. As
>> mentioned, the patch for this exploit was released April 13th...but
>> there are plenty you do need. Perhaps want to enable the autoupdate
>> feature of Windows Update and subscribe to the security bulletin
>> announcements at www.microsoft.com/security.


