questions?

[Guest]

i read this article somewhere about a worm.
Windows XP SP2 users should be safe unless they have
enabled Null sessions. How do i find out if Null Sessions
is disabled?

 

[Andre Da Costa [Extended64]]

No, only the Windows 2000 operating system.
http://news.com.com/Windows+worms+knocking+out+computers/2100-7349_3-5835530.html?tag=nefd.lede
--
Andre
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

 

[Andre Da Costa [Extended64]]

Well, it does affect XP, but only pre- SP2 PCs it seems:
The security issue exploited by the worm also affects the newer Windows XP
and Windows Server 2003, but only PCs running Windows 2000 are susceptible
to a remote attack, Microsoft has said.
--
Andre
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

 

[Bill Sanderson]

Apply the set of critical patches issues a week ago Tuesday, in particular
MS05-039 (899588) and you are fine, regardless of the setting you cite. As
I read the current Microsoft bulletin on this issue, XP is safe from remote
attack via this mechanism.

http://www.microsoft.com/technet/security/advisory/899588.mspx

 

[Bill Sanderson]

Apply the set of critical patches issues a week ago Tuesday, in particular
MS05-039 (899588) and you are fine, regardless of the setting you cite. As
I read the current Microsoft bulletin on this issue, XP is safe from
anonymous (unauthenticated) remote attack via this vulnerability.

http://www.microsoft.com/technet/security/advisory/899588.mspx

 

[Frank Saunders, MS-MVP, IE/OE]

But I think WinXP is still vulnerable to its being opened from an email.

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com/security/protect/

 

[Bill Sanderson]

You caught that one fast (I hope)--I cancelled it and revised it to read
remote unauthenticated attack.

Yes, I agree--it sounds as though one or more of the variants attempt to
spread by other means, including email attachments. The only real-world
experience I've seen posted, however, indicates simply that machines are
being infected via TCP port 445--however that begs the question of where the
infected packets are coming from. I believe what I am hearing about are
infections internal to large networks, and not from the Internet--these
folks are quite savvy enough to not have that open.

--

 

[Frank Saunders, MS-MVP, IE/OE]

Probably mostly laptops whose users "don't have time to update."

 

[Bill Sanderson]

That's the popular stereotype, but I sure wish we had some real analysis. I
guess it doesn't really matter--the lesson is that you either need to have
patched, or need an effective quarantine on attachment to the network
mechanism. I'm not sure how well that works with Windows Server 2003 at the
moment. I think by Vista it may actually be effective.

--