Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > incidents > 03 > 081972.html (Request Expert securityfocus.com Support)

RE: MSBLASTER Infecting despite 03-026 patch?

From: Dan Hanson <dhanson(at)securityfocus.com>
Date: Tue Aug 12 2003 - 01:39:22 EDT


Check the versions of the files replaced by the MS03-026 patch... there were some reports (on NTBugtraq I believe) where applciation of the MS03-026 patch simultaneous with other things overwrote teh patched files...

http://support.microsoft.com/?kbid=823980

On Tue, 12 Aug 2003, Carter, Mike wrote:

> This is something that really worries me, I've heard it to.
> Also I am getting conflicting results when scanning for the patch
> installation. I've been using MBSA, GFI LANguard and Retina which all
> tell me something different.
> Which one should I trust??
> Or is there something else I should be using?

-snip-
- a different included message -
>
>
> I have seen, and have heard other reports of, msblaster.exe worm
> infecting a Windows computer that had the proper KB patch specified by
> the 03-026 advisory. In the instance I personally saw it was a Windows
> XP Professional workstation that was completely patched. The person who
> used the workstation was surprised that they were infected since they
> has applied the patch and I verified (via Add/Remove Programs) that they
> did, indeed have the proper patch applied. I checked with my parent
> organization and they had been receiving sporadic reports of patched
> machines being infected despite being patched. Unfortunately I removed
> the worm from the computer without copying it so I don't have a backup
> of it for analysis.

Received on Tue Aug 12 01:48:48 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:16 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library