Full Disclosure mailing list archives
[Full-Disclosure] RE: Full-disclosure digest, new LSASS - Javier
From: "RandallM" <randallm () fidmail com>
Date: Mon, 3 May 2004 18:59:28 -0500
Javier, Boy are you hitting the head on the nail. There I was getting ready to patch all the machines I could that day (I had posted here about getting help in that direction "a man's gotta patch") and while I had a cd in my hand getting ready to insert it, up popped the "LSASS Vulnerability" error and "restart in 60 seconds"! Well, I shut it down, booted with no network and patched and everything came out ok. Whew! <|>--__--__-- <|> <|>Message: 4 <|>Date: Mon, 03 May 2004 10:45:35 +0200 <|>From: Javier Fernandez-Sanguino <jfernandez () germinus com> <|>Organization: Germinus <|>To: Ben Ryan <ben () bssc edu au> <|>CC: NTBUGTRAQ () LISTSERV NTBUGTRAQ COM, bugtraq () securityfocus com, <|> full-disclosure () lists netsys com <|>Subject: [Full-disclosure] Re: New LSASS-based worm finally here (Sasser) <|> <|>Ben Ryan wrote: <|> <|>> As expected, LSASS exploit-based worm seems to have arrived. Fasten <|>your <|>> seatbelts, those unpatched please use the spew bags provided :) <|>> I hope PSS resolves the issues discussed in KB835732. <|> <|>What's more disturbing is that this worm has established a new record <|>for Microsoft worms [1]. Blaster was the fastest worm (25 days since <|>the patch was published to the worm), this one has been even faster <|>(17 days for the first variant since the patch was published to the <|>worm). Of course, I'm not considering the fact that this issue was <|>known, at least to eEye and Microsoft, for over 5 months. <|> <|>Regards <|> <|>Javier <|> <|>[1] Approaching the record of worms in other OS, which, I believe, is <|>held by Scalper (10 days from patch to worm). But hey, they could <|>browse the source changes for that one. <|> <|> <|>--__--__-- <|> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- [Full-Disclosure] RE: Full-disclosure digest, new LSASS - Javier RandallM (May 03)