Full Disclosure mailing list archives
Re: MSblast worm
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 13 Aug 2003 01:17:47 +1200
Simon Glassman <simon () bsdbox co uk> wrote: [restructured to proper quoting order]
On Tuesday 12 August 2003 11:53 am, Jasper Blackwell wrote:Does anyone know if this MSblast worm affects Win NT machines, or is it just infecting 2000 and XP.This is affecting the following machines. Windows NT 4.0 server Windows NT 4.0 Terminal Server Edition Windows 2000 Windows XP 32 Bit Edition Windows XP 64 Bit Edition Windows Server 2003 32 Bit Edition Windows Server 2003 64 Bit Edition More info have a look at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp
The worm does not infect anything but W2K and XP machines (and even then, not "flawlessly"). NT 4.0 WS (not mentioned in the advisory as it had reached "end of life"), NT 4.0 Server & TS, W2K, XP and 2K3 all contain the DCOM vulnerability and (apart from NT 4.0 WS) are thus mentioned in the MS03-026 security bulletin. That does not mean they are affected or infected by the worm, or by any specific exploit (the nature of the overflow at the heart of the vulnerability is such that exploiting it requires knowledge of a memory location holding specific opcodes and these tend to rarely be available in a fixed location regardless of OS, SP, hotfix, etc level). Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- MSblast worm Jasper Blackwell (Aug 12)
- Re: MSblast worm Johan Denoyer (Aug 12)
- Re: MSblast worm Matthew Murphy (Aug 12)
- Re: MSblast worm Robert Lemos (Aug 12)
- Re: MSblast worm Simon Glassman (Aug 12)
- Re: MSblast worm Nick FitzGerald (Aug 12)
- Re: MSblast worm KF (Aug 12)
- <Possible follow-ups>
- Re: MSblast worm Mike . Keighley (Aug 12)
- Re: MSblast worm tom (Aug 12)
- RE: RE: MSblast worm Jasper Blackwell (Aug 12)
- Re: MSblast worm Johan Denoyer (Aug 12)