I have noticed a problem with the Symantec instructions. They do not have a
procedure for protecting the machine while doing the critical updates and
the updates for the virus sigs!

When the user reconnects to the internet they get re-infected before being
able to complete the updates.

A few suggestions.

1. If not XP or there is not a firewall available on the machine.
    a. Install a firewall package on the machine to block port 139.
    b. Do the updates behind a router so the machine will not get re-infected
2. If XP turn on the "Internet Connection Firewall" feature and add a block for port 139

Once this is complete then the user can continue to update their machine
without getting re-infected.


Kevin Bilbee

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Terry Parks
> Sent: Monday, August 11, 2003 6:04 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.JunkMail] RPC Vulnerability
>
>
> This might be of use:
>
>  Here is a link to the full page with this information on it:
> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp
>
>
> Subject:
>
>  Fix for the RPC and NT Authority Shutdown
>
> Body:
>
> This is the Fix for the NT Authority Shutdown, please follow the link that
> corresponds with your operating system.
>
> -Windows 2000
>
> http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F-220354449117&displaylang=en
>
> Windows XP 32 bit Edition
>
> http://microsoft.com/downloads/details.aspx?FamilyId=2354406C-C5B6-44AC-9532-3DE40F69C074&displaylang=en
>
> Terry
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Richard Farris
> Sent: Monday, August 11, 2003 5:47 PM
> To: [EMAIL PROTECTED]
> Subject: [Declude.JunkMail] RPC Vulnerability
>
> Does anyone know of a fix once a customer is experiencing this problem and
> how are they getting it...we have updated our F-Prot and are locking down
> our routers now..
>
> The message says RPC terminated unexpectedly and is shutting down
> Windows in 60 seconds..
>
> Richard Farris
> Ethixs Online
> 1.800.548.3877
> ----- Original Message -----
> From: "R. Scott Perry" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, August 11, 2003 2:58 PM
> Subject: RE: [Declude.JunkMail] GSC Files
>
>
> >
> > > > -----Original Message-----
> > >
> > >Any idea when the next release will be available???
> >
> > No idea at this point.  However, as soon as the feature is added, we will
> > have an interim release for people who need the feature as soon as
> > possible.
> >
> >                                                     -Scott
> > ---
> > Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
> > Declude Virus: Catches known viruses and is the leader in mailserver
> > vulnerability detection.
> > Find out what you have been missing: Ask for a free 30-day evaluation.
> >
> > ---
> > [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
> >
> > ---
> > This E-mail came from the Declude.JunkMail mailing list.  To
> > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > type "unsubscribe Declude.JunkMail".  The archives can be found
> > at http://www.mail-archive.com.
> >
>
> ---
> [This E-mail scanned for viruses by Surfside Internet]