G
George Hester
Hello folks. Well I see the sasser worm is making its rounds. I see also that the fix for this vulnerability is that mega security update:
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
Now I don't know about you but security fixes of this type scare me more then the things we are to be protected from. Why we need to affect 14 "things" in Windows 2000 to guard us from the LSASS vulnerablitity is beyond me. Oh I know "supporting files" and all that. Yeah right. OK. Moving on...
Look at this article:
http://www.microsoft.com/technet/Security/alerts/sasser.mspx
As a first step I assume for an unaffected system:
Create a file called %systemroot%\debug\dcpromo.log and make the file read-only. To do this, type the following command:
echo dcpromo >%systemroot%\debug\dcpromo.log & attrib +r %systemroot%\debug\dcpromo.log
NOTE: This is the most effective mitigation technique as it completely mitigates this vulnerability by causing the vulnerable code to never be executed. This work-around will work for packets sent to any vulnerable port.
Well that's good enough for me.
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
Now I don't know about you but security fixes of this type scare me more then the things we are to be protected from. Why we need to affect 14 "things" in Windows 2000 to guard us from the LSASS vulnerablitity is beyond me. Oh I know "supporting files" and all that. Yeah right. OK. Moving on...
Look at this article:
http://www.microsoft.com/technet/Security/alerts/sasser.mspx
As a first step I assume for an unaffected system:
Create a file called %systemroot%\debug\dcpromo.log and make the file read-only. To do this, type the following command:
echo dcpromo >%systemroot%\debug\dcpromo.log & attrib +r %systemroot%\debug\dcpromo.log
NOTE: This is the most effective mitigation technique as it completely mitigates this vulnerability by causing the vulnerable code to never be executed. This work-around will work for packets sent to any vulnerable port.
Well that's good enough for me.