RE: MSBLASTER Infecting despite 03-026 patch?

The updates, if run from Windows update, don't seem to be working all that well. That is at least my observation. The link that Dan gave is right on for figuring out if it is installed correctly and what I found was that eEyes Retina checked for the RPC service and to see if the service was vulnerable. GFI and I believe MBSA just check to see if the patch is applied but doesn't check to see if the vulnerability still exists. The only way to do that is to bind and test away.

Good luck,
Christopher Lyon
Sr. Security Development Engineer
Affant Communication (formerly DNS Network Services) v: 714-338-7106
f: 714-338-7101
cslyon@affant.com

> -----Original Message-----
there
> were some reports (on NTBugtraq I believe) where applciation of the
all
> > tell me something different.
> > Which one should I trust??
> > Or is there something else I should be using?
>
> -snip-
by
> > the 03-026 advisory. In the instance I personally saw it was a
Windows
> > XP Professional workstation that was completely patched. The person
who
> > used the workstation was surprised that they were infected since
they
> > has applied the patch and I verified (via Add/Remove Programs) that
they
> > did, indeed have the proper patch applied. I checked with my parent
> > organization and they had been receiving sporadic reports of patched
> > machines being infected despite being patched. Unfortunately I
removed
> > the worm from the computer without copying it so I don't have a
backup
> > of it for analysis.
>
>

--

> -

>

------------------------------------------------------------------------
--

> --

> 



---------------------------------------------------------------------------
----------------------------------------------------------------------------