[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3F3991BB.9183.4D691FD6@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: MSblast worm
Simon Glassman <simon@...box.co.uk> wrote:
[restructured to proper quoting order]
> On Tuesday 12 August 2003 11:53 am, Jasper Blackwell wrote:
> > Does anyone know if this MSblast worm affects Win NT machines, or is it
> > just infecting 2000 and XP.
>
> This is affecting the following machines.
>
> Windows NT 4.0 server
> Windows NT 4.0 Terminal Server Edition
> Windows 2000
> Windows XP 32 Bit Edition
> Windows XP 64 Bit Edition
> Windows Server 2003 32 Bit Edition
> Windows Server 2003 64 Bit Edition
>
> More info have a look at
> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp
The worm does not infect anything but W2K and XP machines (and even
then, not "flawlessly").
NT 4.0 WS (not mentioned in the advisory as it had reached "end of
life"), NT 4.0 Server & TS, W2K, XP and 2K3 all contain the DCOM
vulnerability and (apart from NT 4.0 WS) are thus mentioned in the
MS03-026 security bulletin. That does not mean they are affected or
infected by the worm, or by any specific exploit (the nature of the
overflow at the heart of the vulnerability is such that exploiting it
requires knowledge of a memory location holding specific opcodes and
these tend to rarely be available in a fixed location regardless of OS,
SP, hotfix, etc level).
Regards,
Nick FitzGerald
Powered by blists - more mailing lists