Re: New LSASS-based worm finally here (Sasser)
From: Javier Fernandez-Sanguino (jfernandez_at_germinus.com)
Date: 05/03/04
- Previous message: Bram Matthys (Syzop): "Re: [Full-Disclosure] iDEFENSE: Upcoming OpenSSH Security Advisory Announcement"
- In reply to: Ben Ryan: "[Full-Disclosure] New LSASS-based worm finally here (Sasser)"
- Next in thread: Javier Fernandez-Sanguino: "[Full-Disclosure] Re: New LSASS-based worm finally here (Sasser)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 03 May 2004 10:45:35 +0200 To: Ben Ryan <ben@bssc.edu.au>
Ben Ryan wrote:
> As expected, LSASS exploit-based worm seems to have arrived. Fasten your
> seatbelts, those unpatched please use the spew bags provided :)
> I hope PSS resolves the issues discussed in KB835732.
What's more disturbing is that this worm has established a new record
for Microsoft worms [1]. Blaster was the fastest worm (25 days since
the patch was published to the worm), this one has been even faster
(17 days for the first variant since the patch was published to the
worm). Of course, I'm not considering the fact that this issue was
known, at least to eEye and Microsoft, for over 5 months.
Regards
Javier
[1] Approaching the record of worms in other OS, which, I believe, is
held by Scalper (10 days from patch to worm). But hey, they could
browse the source changes for that one.
- Previous message: Bram Matthys (Syzop): "Re: [Full-Disclosure] iDEFENSE: Upcoming OpenSSH Security Advisory Announcement"
- In reply to: Ben Ryan: "[Full-Disclosure] New LSASS-based worm finally here (Sasser)"
- Next in thread: Javier Fernandez-Sanguino: "[Full-Disclosure] Re: New LSASS-based worm finally here (Sasser)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
