Re: Sasser worm?
From: Steve N. (NoOne_at_nunya.biz)
Date: 05/05/04
- Next message: Jone Doe: "Re: Log off and shut down"
- Previous message: Horace Greely: "OE Files Salvage (I hope)"
- In reply to: #$%jbaggett: "Re: Sasser worm?"
- Next in thread: Bruce Chambers: "Re: Sasser worm?"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 05 May 2004 00:50:46 GMT
#$%jbaggett wrote:
> Marc Liron MVP wrote:
>
>> Hi Susan,
>>
>> Yes this particular "LSASS" exploit is only affecting XP and 2000 users.
>>
>> If users installed the patch then this known LSASS vulnerability will
>> not be exploited.
>>
>> HOWEVER, all your friends should be using a Firewall to stop unwanted
>> "probing" of your ports by worms, hackers etc. ALSO an up-to-date
>> AntiVirus and Automatic Windows Updates should be turned on too.
>>
>> More about the Sasser Worm at:
>>
>> http://www.sasser-worm.com
>>
>> Kind Regards
>>
>> Marc Liron
>> Microsoft MVP
>> http://www.updatexp.com
>> ----------------------------
>> Get Your FREE XP Newsletter!
>> ----------------------------
>>
>>
>>
>>> -----Original Message-----
>>> Does Sasser only affect XP and 2000? Also if the Microsoft patch is
>>> installed, are people still vulnerable if they don't have a firewall?
>>>
>>> I am protected but have concerns for others I know.
>>>
>>> Thanks for information!
>>> Susan .
>>>
> I do not believe this is necessarily true. We have been using SUS
> servers to patch our workstations and Symantec Antivirus Corporate
> editions in managed mode for antivirus. We have had multiple instances
> in the past day where ALL critical updates were installed and the
> machines were still hit. Some were stopped by NAV as they tried and
> others made it through. This occurred on both 2000 and XP pro stations,
> with XP being hit the most. NOTE: We are primarily a 2000 shop and have
> not rolled out many XP stations yet.
>
> I am curious as to why this is happening? Is there a problem with the
> patch itself where it works on some systems and not others?

I can't directly answer your question because I don't know the answer
and I doubt anyone else does yet either. I do know that last I checked
(this morning) there were 4 variants of sasser worm known to be in the
wild and there might very well be more. I also know that recent worms
have achieved greater success in thwarting detection and removal by
common a/v products, and in preventing relevant M$ security updates from
installing or even downloading. Some recently developed malware has also
been able to disable some common software firewalls.

There have been, and are, other threats that exploit the LSASS
buffer-overrun vulnerability. I have personally seen 2 incidents of this
vulnerability being exploited long before Micro$lop ever copped to it.
Unfortunately at that time the only solution was to wipe everything out
and start over clean.

M$ knew about this one last year because Win2K3 server does not have
this LSASS buffer-overrun vulnerability, now does it? When did Little
Willie's zombies release a Patch? A little over two weeks ago.

Steve