Simon Glassman <[EMAIL PROTECTED]> wrote: [restructured to proper quoting order]
> On Tuesday 12 August 2003 11:53 am, Jasper Blackwell wrote: > > Does anyone know if this MSblast worm affects Win NT machines, or is it > > just infecting 2000 and XP. > > This is affecting the following machines. > > Windows NT 4.0 server > Windows NT 4.0 Terminal Server Edition > Windows 2000 > Windows XP 32 Bit Edition > Windows XP 64 Bit Edition > Windows Server 2003 32 Bit Edition > Windows Server 2003 64 Bit Edition > > More info have a look at > http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp The worm does not infect anything but W2K and XP machines (and even then, not "flawlessly"). NT 4.0 WS (not mentioned in the advisory as it had reached "end of life"), NT 4.0 Server & TS, W2K, XP and 2K3 all contain the DCOM vulnerability and (apart from NT 4.0 WS) are thus mentioned in the MS03-026 security bulletin. That does not mean they are affected or infected by the worm, or by any specific exploit (the nature of the overflow at the heart of the vulnerability is such that exploiting it requires knowledge of a memory location holding specific opcodes and these tend to rarely be available in a fixed location regardless of OS, SP, hotfix, etc level). Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
