[Full-Disclosure] RE: Full-Disclosure digest, new LSASS - Javier

["RandallM" <randallm@xxxxxxxxxxx>]

Javier,
Boy are you hitting the head on the nail. There I was getting ready to patch
all the machines I could that day (I had posted here about getting help in
that direction "a man's gotta patch") and while I had a cd in my hand
getting ready to insert it, up popped the "LSASS Vulnerability" error and
"restart in 60 seconds"! Well, I shut it down, booted with no network and
patched and everything came out ok. Whew!

<|>--__--__--
<|>
<|>Message: 4
<|>Date: Mon, 03 May 2004 10:45:35 +0200
<|>From: Javier Fernandez-Sanguino <jfernandez@xxxxxxxxxxxx>
<|>Organization: Germinus
<|>To: Ben Ryan <ben@xxxxxxxxxxx>
<|>CC: NTBUGTRAQ@xxxxxxxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx,
<|>   full-disclosure@xxxxxxxxxxxxxxxx
<|>Subject: [Full-Disclosure] Re: New LSASS-based worm finally here (Sasser)
<|>
<|>Ben Ryan wrote:
<|>
<|>> As expected, LSASS exploit-based worm seems to have arrived. Fasten
<|>your
<|>> seatbelts, those unpatched please use the spew bags provided :)
<|>> I hope PSS resolves the issues discussed in KB835732.
<|>
<|>What's more disturbing is that this worm has established a new record
<|>for Microsoft worms [1]. Blaster was the fastest worm (25 days since
<|>the patch was published to the worm), this one has been even faster
<|>(17 days for the first variant since the patch was published to the
<|>worm). Of course, I'm not considering the fact that this issue was
<|>known, at least to eEye and Microsoft, for over 5 months.
<|>
<|>Regards
<|>
<|>Javier
<|>
<|>[1] Approaching the record of worms in other OS, which, I believe, is
<|>held by Scalper (10 days from patch to worm). But hey, they could
<|>browse the source changes for that one.
<|>
<|>
<|>--__--__--
<|>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html