What happened to the Messenger Plus! forums on msghelp.net?
Shoutbox » MsgHelp Archive » Skype & Technology » Tech Talk » New Virus Exploiting Microsoft Holes

Pages: (3): « First [ 1 ] 2 3 » Last »
New Virus Exploiting Microsoft Holes
Author: Message:
matty
Scripting Guru
*****


Posts: 8336
Reputation: 109
39 / Male / Flag
Joined: Dec 2002
Status: Away
O.P. New Virus Exploiting Microsoft Holes
Microsoft Windows LSASS Buffer Overrun Vulnerability

Description

Microsoft Windows LSASS (Local Security Authority Subsystem Service) is prone to a remotely exploitable buffer overrun vulnerability. Successful exploitation of this issue could allow a remote attacker to execute malicious code on a vulnerable system, resulting in full system compromise.

This issue could be exploited by an anonymous user on Microsoft Windows 2000 and XP operating systems. The issue may reportedly only be exploited by local, authenticated users on Microsoft Windows Server 2003 and Microsoft Windows XP 64-Bit Edition 2003.

Symantec Vulnerability Assessment
Symantec Vulnerability Assessment detects and reports this vulnerability. Click here for the advisory released April 13, 2004.


http://securityresponse.symantec.com/avcenter/sec...Content/10108.html


Stupid Microsoft making everyone aware of their holes then people make viruses, well work will be busy next few months, I do tech support and heard there was 160 calls waiting :S

[Image: attachment.php?pid=236608]
Image credit to Matty.

----------------------------------------------------------------
Removal

Norton Removal Tool

Download the FxSasser.exe file from: http://securityresponse.symantec.com/avcenter/FxSasser.exe.
Save the file to a convenient location, such as your downloads folder or the Windows desktop, or removable media known to be uninfected.
To check the authenticity of the digital signature, refer to the "Digital signature" section later in this writeup.
Close all the running programs before running the tool.
If you are on a network or if you have a full-time connection to the Internet, disconnect the computer from the network and the Internet.
If you are running Windows Me or XP, then disable System Restore. Refer to the "System Restore option in Windows Me/XP" section later in this writeup for further details.

Caution: If you are running Windows Me/XP, we strongly recommend that you do not skip this step.

Double-click the FxSasser.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
Restart the computer.
Run the removal tool again to ensure that the system is clean.
If you are running Windows Me/XP, then re-enable System Restore.
Run LiveUpdate to make sure that you are using the most current virus definitions.


Disable System Restore Windows ME
Click Start
Click Settings
Click Control Panel
Double Click System
Click Preformance Tab at the top
Click File System
Click Troubleshooting Tab at the top
Check Disable System Restore (last box)
Click Ok, then Ok again

Disable System Restore Windows XP
Click Start
Click Run
Type "control panel" (without the quotes)
If in Category View(Says Pick a Category at the top) Click on System
If in Classic View (All icons shown) Double Click System
Click the System Restore tab at the top
Check the box that says Turn off System Restore on all drives.
You will be prompted and asked if you are sure and that all restore points will be deleted, Click Yes
Then click Apply, then Click OK

IF BY ANY CHANCE IN THE PROCESS OF DOING THIS THE BOX TO SHUT DOWN YOUR COMPUTER POPS UP DO THE FOLLOWING...
Click Start
Click Run
type "shutdown -a" (without the quotes)

Then Run the Removal Tool From Norton

After you have Run the Patch
Download and install the Microsoft update from here
(This Patch is for Windows XP Home and Pro with and without SP1)
For other Operating Systems please visit here

------------------------------
Variants

W32.Sasser.Worm
W32.Sasser.B.Worm
W32.Sasser.C.Worm

.gif File Attachment: Sasser Worm.gif (7.44 KB)
This file has been downloaded 406 time(s).

This post was edited on 05-08-2004 at 04:20 PM by matty.
05-02-2004 03:46 AM
Profile E-Mail PM Find Quote Report
Patchou
Messenger Plus! Creator
*****

Avatar

Posts: 8607
Reputation: 201
43 / Male / Flag
Joined: Apr 2002
RE: New Virus Exploiting Microsoft Holes
Bha.. don't worry about it, IT guys always take those things way too seriously. As for Microsoft publishing this kind of information, that's because they released a patch so anyone who is scared can secure himself easily. If they don't publish the info, they get accused of hidding things.

Thanks for the post.
[Image: signature2.gif]
05-02-2004 04:50 AM
Profile PM Web Find Quote Report
Jordan2004
Junior Member
**

The Electronic Brain Community Admin

Posts: 53
37 / Male / –
Joined: Jan 2004
RE: New Virus Exploiting Microsoft Holes
quote:
Originally posted by Patchou
Bha.. don't worry about it, IT guys always take those things way too seriously.

Agreed Patch. (Y)

Even though this is a very serious and quick spreading virus, there is already a patch for this on Windows Update (for affected operating systems), and virus definition are already updated. Therefore anyone who keeps their system up-to-date is not really going to be affected.

That's generally all users really need to do to combat viruses at the moment.
05-02-2004 11:31 AM
Profile E-Mail PM Web Find Quote Report
tomfletcherman
Senior Member
****

Avatar

Posts: 929
Reputation: 7
35 / Male / –
Joined: Dec 2002
RE: New Virus Exploiting Microsoft Holes
My firewalls just blocked three trojans, probably that :|
05-02-2004 03:02 PM
Profile E-Mail PM Find Quote Report
Mike
Elite Member
*****

Avatar
Meet the Spam Family!

Posts: 2795
Reputation: 48
32 / Male / Flag
Joined: Mar 2003
Status: Online
RE: New Virus Exploiting Microsoft Holes
Hmmm...
I got this shutdown message today about Issas.exe being closed but after the 60 secs, computer didnt shutdown :rolleyes:
If I was going to the shutdown button on xp it was showing the log of screen.
When i clicked log off it stayed at "Saving your settings" and i had to close my computer with the hard way...

But after that i didnt got the same thing....

Btw wasnt blaster doing the same thing?
YouTube closed-captions ripper (also allows you to download videos!)
05-02-2004 07:51 PM
Profile E-Mail PM Web Find Quote Report
matty
Scripting Guru
*****


Posts: 8336
Reputation: 109
39 / Male / Flag
Joined: Dec 2002
Status: Away
O.P. RE: New Virus Exploiting Microsoft Holes
quote:
Originally posted by Mike2
Hmmm...
I got this shutdown message today about Issas.exe being closed but after the 60 secs, computer didnt shutdown :rolleyes:
If I was going to the shutdown button on xp it was showing the log of screen.
When i clicked log off it stayed at "Saving your settings" and i had to close my computer with the hard way...

But after that i didnt got the same thing....

Btw wasnt blaster doing the same thing?

Yes it was doing the same thing, but these are two totally different viruses.
05-02-2004 09:08 PM
Profile E-Mail PM Find Quote Report
Maniac
Senior Member
****

Avatar
Posts including T&T: 1684

Posts: 549
Reputation: 9
37 / Male / –
Joined: Apr 2004
RE: New Virus Exploiting Microsoft Holes
Who cares, if you get that weird shutting off error, open a DOS command type "shutdown -a" then take ur type to get all the patches and ull be clear :p
[Image: maniacsig0pb.jpg]
*It took Jesus 3 days to respawn! Talk about lag!* :rofl:
05-03-2004 12:24 AM
Profile E-Mail PM Web Find Quote Report
tomfletcherman
Senior Member
****

Avatar

Posts: 929
Reputation: 7
35 / Male / –
Joined: Dec 2002
RE: New Virus Exploiting Microsoft Holes
I had 87 attempts to put that on my pc yesterday
05-03-2004 08:38 AM
Profile E-Mail PM Find Quote Report
mgt
New Member
*


Posts: 3
Joined: May 2004
RE: New Virus Exploiting Microsoft Holes
Stupid Microsoft making everyone aware of their holes then people make viruses, well work will be busy next few months, I do tech support and heard there was 160 calls waiting

i had 10 calls :~(
05-03-2004 08:45 AM
Profile E-Mail PM Find Quote Report
Wabz
Elite Member
*****

Avatar
Its Groovy Baby!

Posts: 3459
Reputation: 29
39 / Male / Flag
Joined: Jan 2003
RE: New Virus Exploiting Microsoft Holes
quote:
Originally posted by mgt
Stupid Microsoft making everyone aware of their holes then people make viruses, well work will be busy next few months, I do tech support and heard there was 160 calls waiting

i had 10 calls :~(


Hmmmm  I remembr the blaster worm I don't do tech support but i was getting phoned every 30 seconds from friends asking what was happening
Mess.be Forum Moderator
Messenger Plus ex-IRC Network Admin
Gimme a Rep!
05-03-2004 09:23 AM
Profile E-Mail PM Web Find Quote Report
Pages: (3): « First [ 1 ] 2 3 » Last »
« Next Oldest Return to Top Next Newest »


Threaded Mode | Linear Mode
View a Printable Version
Send this Thread to a Friend
Subscribe | Add to Favorites
Rate This Thread:

Forum Jump:

Forum Rules:
You cannot post new threads
You cannot post replies
You cannot post attachments
You can edit your posts
HTML is Off
myCode is On
Smilies are On
[img] Code is On