RE: PATCHES?

From: TJ Campana [MSFT] (tcampana_at_online.microsoft.com)
Date: 05/03/04 

Date: Mon, 03 May 2004 18:08:25 GMT

>MY QUESTIONS IS HOW AM I SUPPOSED TO DOWNLOAD THE PATCH WHEN THE SASSER VIRUS DOESNT ALLOW ME TO GET ON THE
INTERNET! I NEED TO REMOVE THE VIRUS FIRST! MICROSOFT TELLS YOU ON THEIE WEBSITE THAT YOU NEED TO INSTALL THE PATCH,
WHEN DUH! I NEED TO BE ABLE TO GET ON THE INTERNET FIRST AND THATS MY MAIN PROBLEM. i AM TRYING TO DOWNLOAD THE
REMOVAL PROGRAM AT WORK. I HOPE IT WORKS.

DOES ANYBODY HAVE ANY SUGGESTTIONS?

>
What operating system are you running? If you are running XP you can use the Internet Connection Firewall to protect your system while you access the
Microsoft Site. For more information on this you can go to the help file on the XP System. To prevent the system from rebooting you will have to unplug it
from the network while you enable the firewall. Once the firewall is up you should be good to go!

If you are running Windows 2000 then you will first have to unplug the system from the network to prevent the system reboots. Next create a read only
copy of the following file dcpromo.log in the >%systemroot%\debug directory. You can do this with the following two commands at the DOS prompt:

echo dcpromo >%systemroot%\debug\dcpromo.log

&

attrib +R %systemroot%\debug\dcpromo.log

This will stop the system from rebooting long enough for you to download the MS04-011 patch and the cleaner tool. Please patch then clean!

Cleaner Tool Location:
http://www.microsoft.com/security/incident/sasser.asp

Patch location:
http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx

Creating the dcpromo.log file should prevent the rebooting of the system in either case, but you will only be protected if you patch the system and then
clean it using the latest cleaner from our site. The current cleaner cleans variants A and B with an updates cleaner expected out later today to deal with C
& D variants.

T.J. Campana [MSFT]
Microsoft EPS Networking 

-- 
This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at 
http://www.microsoft.com/info/cpyright.htm 
Note:  For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated.

Relevant Pages

  • Re: NT Authority..
    ... You could have Blaster or you could have Sasser. ... the Microsoft provided information on the matter can be ... The patch that would have prevented this whole fiasco for you: ... After enabling the Internet Connection Firewall or creating the read-only ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Be careful of XP - dont do the automatic updates... They had to reformat the whole hard drive!
    ... That's what SUS is for - it lets network adminstrators choose which updates ... I've seen MINIMAL problems reported with any patch deployment - maybe SP2 ... > seems to think that updates from microsoft are to be avoided - and only ... > when the virus traffic on our internet gets too high, ...
    (microsoft.public.security)
  • Re: HELP SP2 issues, i think
    ... internet. ... Her ISP gave her the number for microsoft. ... There was a patch ...
    (microsoft.public.security)
  • Re: Unsepected Shutdowns.
    ... the Microsoft provided information on the matter can be ... The patch that would have prevented this whole fiasco for you: ... ** You MUST have Windows XP SP1a installed FIRST! ... After enabling the Internet Connection Firewall or creating the read-only ...
    (microsoft.public.windowsxp.work_remotely)
  • Re: [Full-disclosure] Security Alert: Unofficial IE patches appear on internet
    ... created by a vulnerability is as serious as this case and the available ... Microsoft will be inclined strongly against holding on to this patch. ... Microsoft often have patches ready but wait for the corporate known ...
    (Full-Disclosure)