Ping: Ken Blake

[David H. Lipman]

Regarding your reply in the thread "Blaster virus"

Mistakes Ken !

The information I extracted from your post is incorrect !

What you have provided is NOT a patch. It is the Lovsan/Blaster & Nachi/Welchia removal
tool. It will not correct the RPC/RPCSS Buffer Overflow Vulnerability that is addressed by
Microsoft Security Bulletin MS03-39 http://support.microsoft.com/?kbid=824146 That is the
"patch" to prevent the Internet worms.

A *better* tool (non Microsoft) is McAfee's Stinger: http://vil.nai.com/vil/stinger/ for
removing the infectors that exploit the RPC/RPCSS vulnerability.


Dave


| b. If you've disconnected your internet connection, reconnect it.
| Download and install the Microsoft patch at
|
http://www.microsoft.com/downloads/...8b-fe98-493f-ad76-bf673a38b4cf&displaylang=en
|
| That will remove the vulnerability that the worm exploits.

 

[Malke]

Regarding your reply in the thread "Blaster virus"

Mistakes Ken !

Why are you posting this again? As I said in answer to your first post,
Stinger will not patch the operating system either. Ken included the
instructions and a link to the operating system patch in Item 3.b. in
his original post.

Malke

 

[David H. Lipman]

I called Stinger a TOOL not a PATCH. It removes the infector it does not patch the
RPC/RPCSS Buffer Overflow Vulnerability.

The URL;
http://www.microsoft.com/downloads/...8B-FE98-493F-AD76-BF673A38B4CF&displaylang=en
Is also a removal tool
I quote...
"This tool will help remove the Blaster worm from Windows XP and Windows 2000 machines
infected with Blaster and patched with MS03-26 [KB823980] or MS03-039 [KB824146]."

Ken did NOT provide the patch in 3b.

The PATCH fort the RPC/RPCSS Buffer Overflow Vulnerability is addressed by Microsoft
Security Bulletin MS03-39 http://support.microsoft.com/?kbid=824146 and is KB824146.

Please correct your information as well.

Dave

| David H. Lipman wrote:
|
| > Regarding your reply in the thread "Blaster virus"
| >
| > Mistakes Ken !
| >
| Why are you posting this again? As I said in answer to your first post,
| Stinger will not patch the operating system either. Ken included the
| instructions and a link to the operating system patch in Item 3.b. in
| his original post.
|
| Malke
| --
| MS MVP - Windows Shell/User
| Elephant Boy Computers
| www.elephantboycomputers.com
| "Don't Panic!"

 

[Torgeir Bakken (MVP)]

Why are you posting this again? As I said in answer to your first post,
Stinger will not patch the operating system either. Ken included the
instructions and a link to the operating system patch in Item 3.b. in
his original post.

Hi Malke,

Actually, David is correct on all points in this case.



--
torgeir
Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of the 1328 page
Scripting Guide:
http://www.microsoft.com/technet/community/scriptcenter/default.mspx

 

[Ken Blake, MVP]

In

Hi Malke,

Actually, David is correct on all points in this case.

Yes he is, and I've changed my canned reply to point to the
correct Microsoft article.