RE: Windows XP - Still has a Windows NT4 DoS hangover?

From: Adcock, Matt (Matt.Adcock@gsccca.org)
Date: 11/28/01


Message-ID: <85D8960C64B2D311A52D00902789333501AF1AA8@excsrvr1.gsccca.org>
From: "Adcock, Matt" <Matt.Adcock@gsccca.org>
To: "'Bob Fryer'" <efryer@onaustralia.com.au>
Subject: RE: Windows XP - Still has a Windows NT4 DoS hangover?
Date: Wed, 28 Nov 2001 11:58:46 -0500

I don't really see how this is even close to a security issue since you
weren't able to do a repair or work on the problem at all. I'd assume a
generic lsass problem. If it still happened after a reapir/reapplication of
the service pack, I *might* consider something sinister. Do a search for
lsass on msdn - bugs are *rampant*. Not saying you're wrong, but don't
assume zebra when it's most likely a horse.

-----Original Message-----
From: Bob Fryer [mailto:efryer@onaustralia.com.au]
Sent: Wednesday, November 28, 2001 12:26 AM
To: incidents@securityfocus.com
Subject: Windows XP - Still has a Windows NT4 DoS hangover?

Mailer: SecurityFocus

Whilst indepth analysis could not be done (unit was
sent back to vendor to be rebuilt), it appears that
Windows XP has a similar exploit as Windows NT4.
See http://hypoclear.cjb.net/hypo_nt_dos.txt

Windows XP Home was running happily for a few
weeks and as of yesterday would not allow the
machine to boot up complaining of a 'ISASS.EXE"
error and then rebooting itself.

Trying the repair options after booting off CDROM,
resulted in being asked for the administrator
password, of which none has been set, by either the
user or the original vendor, but refused to allow blank
(default) or any that were tried. The vendor confirmed
that they do not set it at all.

There was a short timeframe where personal firewall
software or virus software was not available, so a
suspicion arises that the user was attacked via the
internet during that time.

Anyone else had any involvement with this problem?

Regards
Bob Fryer

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com



Relevant Pages

  • SecurityFocus Microsoft Newsletter #191
    ... SecurityFocus ... MiniShare Server Remote Denial Of Service Vulnerability ... Relevant URL: http://www.securityfocus.com/bid/10409 ... Platforms: Windows 95/98, Windows NT ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #200
    ... SecurityFocus ... Verylost LostBook Message Entry HTML Injection Vulnerability ... Relevant URL: http://www.securityfocus.com/bid/10793 ... This vulnerability is only reported to affect the Microsoft Windows version of the application. ...
    (Focus-Microsoft)
  • Port 1521 aka "Unbreakable" Oracle Server
    ... After reading some posts on the lists and looking at the scripts at ... Then by creating a FUNCTION in Oracle ... Your chances of having that dll on a Windows system are quite big:) ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • Re: IP Range
    ... >>Maybe someone can respond about whether a Windows version of whois exists. ... program later for easy upgrade of your previously selected packages. ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • Sniffers, scanners and XP raw packet drivers
    ... Ethereal won't find an interface, ... All these worked on my laptop nicely under Windows 2000? ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)