hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
GovernmentSecurity.org > The Archives > Exploit Articles
BLaCkOuT
Nov 17 2003, 04:01 PM
plz, How to closed vulnerability 03-049 via remote ? (without dowload the patch from Microsoft)

thx
tribalgoa
Nov 17 2003, 04:36 PM
why not download the patch and run it ?
pita
Nov 17 2003, 05:53 PM
i didn't test but this is from the microsoft bulletin

CODE

You can disable the Workstation service to help prevent the possibility of an attack.

To disable the Workstation service on Windows XP:

  1. Click Start, and then click Control Panel.
  2. In the default Category View, click Performance and Maintenance.
  3. Click Administrative Tools.
  4. Double-click Services.
  5. Double-click Workstation.
  6. On the General tab, click Disabled in the Startup type list.
  7. Click Stop under Service status, and then click OK.

To disable the Workstation service on Windows 2000:

  1. Click Start, point to Settings, and then click Control Panel.
  2. Double-click Administrative Tools.
  3. Double-click Services.
  4. Double-click Workstation.
  5. On the General tab, click Disabled in the Startup type list.
  6. Click Stop under Service status, and then click OK.

Impact of Workaround: If the Workstation service is disabled, the system cannot connect to any shared file resources or shared print resources on a network. Only use this workaround on stand-alone systems (such as many home systems) that do not connect to a network. If the Workstation service is disabled, any services that explicitly depend on the Workstation service do not start, and an error message is logged in the system event log. The following services depend on the Workstation service:

   * Alerter
   * Browser
   * Messenger
   * Net Logon
   * RPC Locator

These services are required to access resources on a network and to perform domain authentication. Internet connectivity and browsing for stand-alone systems, such as users on dial-up connections, on DSL connections, or on cable modem connections, should not be affected if these services are disabled.

Note: The Microsoft Baseline Security Analyzer will not function if the Workstation service is disabled. It is possible that other applications may also require the Workstation service. If an application requires the Workstation service, simply re-enable the service. This can be performed by changing the Startup Type for the Workstation service back to Automatic and restarting the system


so u could do
net stop workstation /y

and that will protect u against this vulnerability
BLaCkOuT
Nov 18 2003, 04:46 PM
QUOTE (pita @ Nov 17 2003, 05:53 PM)

so u could do
net stop workstation /y

and that will protect u against this vulnerability

thanks Pita wink.gif
SuperG
Nov 18 2003, 05:30 PM
Hi all ... salut Pita wink.gif

I would suggest you really should install the MS patch. Uually can a silent install is possible (...exe /h to see details).
However if you really don't wanna use the MS patch and prefer Pita solution, that is to say Stopping the Workstation service, then "net stop workstation" isn't enough. You have to disable this service. So u may use sc.exe from the win2k reskit and do :

sc.exe config Workstation start= disabled

Hope it'll help ! ++
fivestar
Nov 18 2003, 06:30 PM
Oh, thanks * SuperG. I did not remember. Become times test whether it
goes also remotely. I want to hope it. smile.gif
Steffan
Nov 18 2003, 11:14 PM
Yes SuperG has right... cool.gif
QUOTE
net stop workstation /y

just shutdown the service... after rebooting the service will star again .. biggrin.gif
U need Amin Rights to do this .. wink.gif

but install the patch will be the best solution in this case cause they will need the service smile.gif


C'ya
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.