Full Disclosure mailing list archives

RE: LSASS exploit win32 binary

From: "Stuart Fox (DSL AK)" <StuartF () datacom co nz>
Date: Fri, 30 Apr 2004 15:53:02 +1200

For those servers that break when you apply MS04-011, there's a KB article
that describes what to do to work around it.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;841382

-----Original Message-----
From: full-disclosure-admin () lists netsys com 
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of 
Chris Scott
Sent: Thursday, 29 April 2004 4:22 p.m.
To: bosborne () caltex com au; full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] LSASS exploit win32 binary

Does anyone have snort sigs or any means of defending against 
the worms that are exploiting this? Several acquaintances of 
mine which work for edu's are reporting their networks being 
affected by this in a big way. They have 2k machines which 
apparently broke when applied with the MS04-011 patch.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

LSASS exploit win32 binary Q.Long (Apr 27)
- RE: LSASS exploit win32 binary Chris Scott (Apr 27)
- <Possible follow-ups>
- RE: LSASS exploit win32 binary bosborne (Apr 27)
  - RE: LSASS exploit win32 binary Chris Scott (Apr 28)
    - Re: LSASS exploit win32 binary Paul Tinsley (Apr 28)
- RE: LSASS exploit win32 binary Stuart Fox (DSL AK) (Apr 29)