RE: Windows XP - Still has a Windows NT4 DoS hangover?

From: Adcock, Matt (Matt.Adcock@gsccca.org)
Date: 11/28/01


Message-ID: <85D8960C64B2D311A52D00902789333501AF1AA8@excsrvr1.gsccca.org>
From: "Adcock, Matt" <Matt.Adcock@gsccca.org>
To: "'Bob Fryer'" <efryer@onaustralia.com.au>
Subject: RE: Windows XP - Still has a Windows NT4 DoS hangover?
Date: Wed, 28 Nov 2001 11:58:46 -0500

I don't really see how this is even close to a security issue since you
weren't able to do a repair or work on the problem at all. I'd assume a
generic lsass problem. If it still happened after a repair/reapplication of
the service pack, I *might* consider something sinister. Do a search for
lsass on msdn - bugs are *rampant*. Not saying you're wrong, but don't
assume zebra when it's most likely a horse.

-----Original Message-----
From: Bob Fryer [mailto:efryer@onaustralia.com.au]
Sent: Wednesday, November 28, 2001 12:26 AM
To: incidents@securityfocus.com
Subject: Windows XP - Still has a Windows NT4 DoS hangover?

Mailer: SecurityFocus

Whilst in-depth analysis could not be done (unit was
sent back to vendor to be rebuilt), it appears that
Windows XP has a similar exploit as Windows NT4.
See http://hypoclear.cjb.net/hypo_nt_dos.txt

Windows XP Home was running happily for a few
weeks and as of yesterday would not allow the
machine to boot up, complaining of an 'ISASS.EXE'
error and then rebooting itself.

Trying the repair options after booting off CDROM,
resulted in being asked for the administrator
password, of which none has been set, by either the
user or the original vendor, but refused to allow blank
(default) or any that were tried. The vendor confirmed
that they do not set it at all.

There was a short timeframe where personal firewall
software or virus software was not available, so a
suspicion arises that the user was attacked via the
internet during that time.

Anyone else had any involvement with this problem?

Regards
Bob Fryer

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
