Lsass Secure

GovernmentSecurity.org > The Archives > General Network Security

EXPLOiTED

Apr 28 2004, 09:48 PM

Hey..jsut wondering if the only way to secure machines is the msft patch...and do they haev that same patch for XP?

SCVirus

Apr 28 2004, 09:54 PM

Well you could completely stop the affected service, disconnect yourself from the internet or block all inbound traffic. Of cource microsoft released an XP patch as well as one for all their 'supported' OS.

Khran

Apr 29 2004, 11:16 AM

QUOTE

Due to the necessity of establishing a NULL session with a target system to carry out successful exploitation using named pipes, as a possible workaround, users are advised to disable NULL sessions via the system registry. This can be done by modifying the following registry key on Windows 2000 systems:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\ RestrictAnonymous = "1"

It was originally believed that the vulnerability could only be exploited by accessing the vulnerable interface via named pipes over the SMB protocol, restricting the scope of the vulnerability to TCP ports 139 and 445. In light of new information available from Microsoft, the scope of this vulnerability has been
expanded to include TCP ports 135, 139, 445, 593 and ports greater than 1024, as well as UDP ports 135, 137, 138 and 445. Administrators are encouraged to block external access to the aforementioned ports and disable "File and Print Sharing for Microsoft Networks" from the associated network interface.

Summarize :
- Disable File and Print Sharing for Microsoft Networks
- Disable NULL session access (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\ RestrictAnonymous = "1")

jimmy

Apr 29 2004, 03:54 PM

Summarize :
- Disable File and Print Sharing for Microsoft Networks
- Disable NULL session access (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\ RestrictAnonymous = "1")

Why don't you shut it down ?? will be secure for sure than

Eclipse

Apr 29 2004, 07:46 PM

http://www.microsoft.com/technet/security/...n/MS04-011.mspx

Microsoft Windows XP and Microsoft Windows XP Service Pack 1 - Download the update

mich125

Apr 30 2004, 07:48 AM

hi can anyone tell me how to secure it , step by step i would be realy apreciate for it, i tried patches but i dont know how to install them in silent mode, and maybe there is easier way?

Erra

Apr 30 2004, 08:29 AM

Look around there is already a thread that states very plainly how to secre using the patches........

The basic idea is /quiet /norestart

or if you want the machine to reboot, /forcerestart

mich125

Apr 30 2004, 09:42 AM

hmm i tried /quiet /norestart but its still vuln:/ any ideas>?

RFlash

Apr 30 2004, 10:09 AM

Well I think that you should restart the machine to activate the patch.

RFlash

=k3Rn=

Aug 21 2004, 08:15 AM

is it really needed to dl the right language patch or will the english one work on all machines?

Krogoth

Aug 23 2004, 10:24 AM

you've to get the right language patch otherwise it won't patch.

=k3Rn=

Aug 23 2004, 12:15 PM

yea i tested it now
you need to have the right os and the right language, otherwise it won't patch.

the patch for 2k is ~8mb :/

DumpZ

Aug 23 2004, 02:50 PM

Correct me if im wrong if it's get exploided then the something crashed and then it vuln again when the comp start because the process get started again, so you can apply the norestart and when it restarts it's patched

Krogoth

Aug 23 2004, 05:06 PM

win2k will reboot by itself when you exploit it. i'm not sure about winxp doing the same thing since i haven't tested it. then you have to reboot it again after applying the patch. this short test was carried out by applying the xploit THCIISSLame on win2k.

Serhat

Aug 23 2004, 05:12 PM

QUOTE (Krogoth @ Aug 23 2004, 05:06 PM)

some exploits want to reboot XP also.. I tried it out with some.. and got in on 1 pc.. and rebooted many afterwards

(all XP)

Serhat

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.