Geeks With Blogs
ex-blog Information security world

Michael Howard posted a note about changes in Windows 2003 that disable flaw used by 'Sasser' worm (cleanup tool and doc available) :

... and Windows Server 2003 is not infected. Why? Because the RPC interface, which is accessible to anyone (ie; anonymous) on Windows XP and Win2000, was changed in Win2003 so that it requires a local admin to access. Not a remote admin, a local admin using the server's keyboard.

I think it is done the same way as in Chapter 16 of “Writing Secure Code, 2nd Ed”.

'Secure by Default' initiative in action (and as Michael notes - it is improved in Windows XP SP2) [via Dana Epp]

BTW, updated WXP SP2 docs posted for download.

Update:  Tristan K writes how IPSec Policies can be used as a Firewall to block Sasser infection

Posted on Wednesday, May 5, 2004 6:55 AM Security | Back to top

Copyright © John Doe | Powered by: