matty
O.P. New Virus Exploiting Microsoft Holes
Microsoft Windows LSASS Buffer Overrun Vulnerability
Description
Microsoft Windows LSASS (Local Security Authority Subsystem Service) is prone to a remotely exploitable buffer overrun vulnerability. Successful exploitation of this issue could allow a remote attacker to execute malicious code on a vulnerable system, resulting in full system compromise.
This issue could be exploited by an anonymous user on Microsoft Windows 2000 and XP operating systems. The issue may reportedly only be exploited by local, authenticated users on Microsoft Windows Server 2003 and Microsoft Windows XP 64-Bit Edition 2003.
Symantec Vulnerability Assessment
Symantec Vulnerability Assessment detects and reports this vulnerability. Click here for the advisory released April 13, 2004.
http://securityresponse.symantec.com/avcenter/sec...Content/10108.html
Stupid Microsoft making everyone aware of their holes, then people make viruses. Well, work will be busy the next few months. I do tech support and heard there were 160 calls waiting.
Image credit to Matty.
----------------------------------------------------------------
Removal
Norton Removal Tool
Download the FxSasser.exe file from: http://securityresponse.symantec.com/avcenter/FxSasser.exe.
Save the file to a convenient location, such as your downloads folder or the Windows desktop, or removable media known to be uninfected.
To check the authenticity of the digital signature, refer to the "Digital signature" section later in this writeup.
Close all the running programs before running the tool.
If you are on a network or if you have a full-time connection to the Internet, disconnect the computer from the network and the Internet.
If you are running Windows Me or XP, then disable System Restore. Refer to the "System Restore option in Windows Me/XP" section later in this writeup for further details.
Caution: If you are running Windows Me/XP, we strongly recommend that you do not skip this step.
Double-click the FxSasser.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
Restart the computer.
Run the removal tool again to ensure that the system is clean.
If you are running Windows Me/XP, then re-enable System Restore.
Run LiveUpdate to make sure that you are using the most current virus definitions.
Disable System Restore Windows ME
Click Start
Click Settings
Click Control Panel
Double Click System
Click Performance Tab at the top
Click File System
Click Troubleshooting Tab at the top
Check Disable System Restore (last box)
Click Ok, then Ok again
Disable System Restore Windows XP
Click Start
Click Run
Type "control panel" (without the quotes)
If in Category View (Says Pick a Category at the top) Click on System
If in Classic View (All icons shown) Double Click System
Click the System Restore tab at the top
Check the box that says Turn off System Restore on all drives.
You will be prompted and asked if you are sure and that all restore points will be deleted, Click Yes
Then click Apply, then Click OK
IF BY ANY CHANCE IN THE PROCESS OF DOING THIS THE BOX TO SHUT DOWN YOUR COMPUTER POPS UP DO THE FOLLOWING...
Click Start
Click Run
Type "shutdown -a" (without the quotes)
Then Run the Removal Tool From Norton
After you have Run the Patch
Download and install the Microsoft update from here
(This Patch is for Windows XP Home and Pro with and without SP1)
For other Operating Systems please visit here
------------------------------
Variants
W32.Sasser.Worm
W32.Sasser.B.Worm
W32.Sasser.C.Worm
This post was edited on 05-08-2004 at 04:20 PM by matty.
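The removal steps above say to check the authenticity of the tool's digital signature, but the section they refer to is not part of this post. One way to run that check in PowerShell on a current Windows system, as an added example that is not from the original post or from Symantec; the function name Test-DownloadSignature and the expected signer string are assumptions, so take the real signer name from the vendor's own writeup.

```powershell
# Added example: verify a downloaded tool's Authenticode signature before running it.
# Test-DownloadSignature is a hypothetical helper name, not a built-in cmdlet.
function Test-DownloadSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Assumption: the exact certificate common name published by the vendor.
        [Parameter(Mandatory)] [string] $ExpectedSigner
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # Common name of the signing certificate; empty when the file is unsigned.
    $signer = ''
    if ($sig.SignerCertificate) {
        $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $signer = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    }

    $problems = @()
    if ($sig.Status -ne 'Valid') {
        # Covers NotSigned, HashMismatch (file altered after signing), NotTrusted, etc.
        $problems += "signature status is $($sig.Status): $($sig.StatusMessage)"
    }
    if ($signer -ne $ExpectedSigner) {
        # Exact match, so a look-alike name containing the vendor's name is rejected.
        $problems += "signer '$signer' is not '$ExpectedSigner'"
    }

    [pscustomobject]@{
        Path        = $Path
        Status      = $sig.Status
        Signer      = $signer
        Timestamped = [bool]$sig.TimeStamperCertificate
        Sha256      = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Trusted     = ($problems.Count -eq 0)
        Problems    = $problems
    }
}

# Example call (path and signer name are placeholders):
# Test-DownloadSignature -Path "$env:USERPROFILE\Downloads\FxSasser.exe" -ExpectedSigner '<signer name from vendor writeup>'
```

Run the tool only when Trusted is True; a HashMismatch status means the file changed after it was signed and should be discarded and downloaded again from the vendor.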