Re: Zotob worm patch?

This is for XP only!!!
The scumbag trying to use the PnP exploit has to have
1.Access to your keyboard or
2.Admin rights to exploit this remotely

>From M/s website under mitigating factors of this hotfix
Mitigating Factors for Plug and Play Vulnerability - CAN-2005-1983:
. On Windows XP Service Pack 2 and Windows Server 2003 an attacker
must have valid logon credentials and be able to log on locally to exploit
this vulnerability. The vulnerability could not be exploited remotely by
anonymous users or by users who have standard user accounts. However, the
affected component is available remotely to users who have administrative
permissions.

. On Windows XP Service Pack 1 an attacker must have valid logon
credentials to try to exploit this vulnerability. The vulnerability could
not be exploited remotely by anonymous users. However, the affected
component is available remotely to users who have standard user accounts.

. Firewall best practices and standard default firewall configurations
can help protect networks from attacks that originate outside the enterprise
perimeter. Best practices recommend that systems that are connected to the
Internet have a minimal number of ports exposed.

When you say that M/S has a habit of saying everything is "critical"
or must have you are right.

--
Mike Pawlak










t.cruise wrote:
> I know that many in this group support downloading Windows XP
> updates. Personally, I download and install ONLY what is absolutely
> necessary, which for me has avoided problems with smooth running
> systems. There has been much media attention the past couple of days
> about the Zotob worm, I.E., PnP and compromised Windows security. I
> know that there is a patch available for download at the Microsoft
> web site
> WindowsXP-KB899588-x86-ENU.exe
>
> But, there has been mass media hysteria in the past about viruses and
> worms, none of which have made their way to any of my systems with
> broadband internet connections, without my having to download and
> install the plethora of security patches at the Windows Update. My
> question is, if I have a decent firewall am I already protected, or
> do I really need to install this patch?



.

Relevant Pages

  • Re: P2P software is security?
    ... Until the next vulnerability is discovered, that is - which is maybe ... for Windows products than UNIX/Linux. ... I have heard some rumors about worms around the KaZaa network, ... Always scan any executable software you download with an AV! ...
    (comp.security.misc)
  • Re: Help with CWS trojan
    ... >I am running Windows XP Professional on computer with a dial-up ... (which is where the vulnerability is sometimes said to ... >infection with CWS? ... Download, ...
    (microsoft.public.security.virus)
  • Re: [Full-disclosure] windows vulnerability? [was: Re: [Code-Crunchers] 137 bytes]
    ... > do not block this download, so it's smallest and most dangerous ... I'd say more though, it's a vulnerability. ... Windows handles UNC paths the same way as local paths. ...
    (Full-Disclosure)
  • Re: Sasser & Blaster problem
    ... Instructions for patching and cleaning vulnerable Windows 2000 and Windows ... installation of the patch as well as removal of the worm. ... the vulnerability used by this worm from crashing the LSASS.EXE process. ... install the MS04-011 patch from the MS04-011 download link for the affected ...
    (microsoft.public.security)
  • SecurityFocus Microsoft Newsletter #163
    ... MICROSOFT VULNERABILITY SUMMARY ... Bugzilla Javascript Buglists Remote Information Disclosure V... ... Microsoft Internet Explorer DHTML Drag and Drop Local File S... ... Microsoft Windows Workstation Service Remote Buffer Overflow... ...
    (Focus-Microsoft)