three days of doom and then some

George Hester

Hello folks. Well I see the Sasser worm is making its rounds. I see also that the fix for this vulnerability is that mega security update:

http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

Now I don't know about you but security fixes of this type scare me more than the things we are to be protected from. Why we need to affect 14 "things" in Windows 2000 to guard us from the LSASS vulnerability is beyond me. Oh I know "supporting files" and all that. Yeah right. OK. Moving on...

Look at this article:

http://www.microsoft.com/technet/Security/alerts/sasser.mspx

As a first step I assume for an unaffected system:

Create a file called %systemroot%\debug\dcpromo.log and make the file read-only. To do this, type the following command:

echo dcpromo >%systemroot%\debug\dcpromo.log & attrib +r %systemroot%\debug\dcpromo.log

NOTE: This is the most effective mitigation technique as it completely mitigates this vulnerability by causing the vulnerable code to never be executed. This work-around will work for packets sent to any vulnerable port.



Well that's good enough for me.
 
Enkidu

> Hello folks. Well I see the Sasser worm is making its
> rounds. I see also that the fix for this vulnerability is
> that mega security update:
>
> http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
>
> Now I don't know about you but security fixes of this
> type scare me more than the things we are to be protected
> from. Why we need to affect 14 "things" in Windows
> 2000 to guard us from the LSASS vulnerability is beyond
> me. Oh I know "supporting files" and all that. Yeah right.
> OK. Moving on...
>
> Look at this article:
>
> http://www.microsoft.com/technet/Security/alerts/sasser.mspx
>
> As a first step I assume for an unaffected system:

Erm, "unaffected"? It's in a section entitled RECOVERY.

> Create a file called %systemroot%\debug\dcpromo.log and
> make the file read-only. To do this, type the following command:
>
> echo dcpromo >%systemroot%\debug\dcpromo.log & attrib +r %systemroot%\debug\dcpromo.log
>
> NOTE: This is the most effective mitigation technique as it
> completely mitigates this vulnerability by causing the
> vulnerable code to never be executed. This work-around
> will work for packets sent to any vulnerable port.
>
> Well that's good enough for me.

See above. I'm putting all the patches on, via MS04-011. I've probably
got most of them already.

Cheers,

Cliff
 
George Hester

I guess you missed this:

NOTE: This is the most effective mitigation technique as it
 
