MS04-011 Exploits - More new Agobot worms
This morning Symantec listed new worms that exploit the Microsoft Windows Local Security Authority Service Remote Buffer Overflow vulnerabilities. Applying the MS04-011 security patch will prevent infection by these new threats.
W32.Gaobot.AFJ
http://www.sarc.com/avcenter/venc/data/w32.gaobot.afj.html
W32.Gaobot.AFJ is a worm that spreads through open network shares, backdoors installed by the Beagle and Mydoom worms, and several Windows vulnerabilities including:
* DCOM RPC Vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135.
* Workstation Service Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-049) using TCP port 445. Windows XP users are protected against this vulnerability if Microsoft Security Bulletin MS03-043 has been applied. Windows 2000 users must apply MS03-049.
* The Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011).
W32.Gaobot.AFC
http://www.sarc.com/avcenter/venc/data/w32.gaobot.afc.html
W32.Gaobot.AFC is a worm that spreads through open network shares and several Windows vulnerabilities including:
* The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135.
* The WebDav vulnerability (described in Microsoft Security Bulletin MS03-007) using TCP port 80.
* The Workstation service buffer overrun vulnerability (described in Microsoft Security Bulletin MS03-049) using TCP port 445. Windows XP users are protected against this vulnerability if Microsoft Security Bulletin MS03-043 has been applied. Windows 2000 users must apply MS03-049.
* The UPnP vulnerability (described in Microsoft Security Bulletin MS01-059).
* The vulnerabilities in the Microsoft SQL Server 2000 or MSDE 2000 audit (described in Microsoft Security Bulletin MS02-061) using UDP port 1434.
* The Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011).
W32.Gaobot.AFW
http://www.sarc.com/avcenter/venc/data/w32.gaobot.afw.html
W32.Gaobot.AFW is a worm that spreads through open network shares and several Windows vulnerabilities including:
* The DCOM RPC Vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135.
* The WebDav Vulnerability (described in Microsoft Security Bulletin MS03-007) using TCP port 80.
* The Workstation Service Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-049) using TCP port 445. Windows XP users are protected against this vulnerability if Microsoft Security Bulletin MS03-043 has been applied. Windows 2000 users must apply MS03-049.
* The UPnP NOTIFY Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS01-059).
* The vulnerabilities in the Microsoft SQL Server 2000 or MSDE 2000 audit (described in Microsoft Security Bulletin MS02-061) using UDP port 1434.
* The Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011).
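
A defender-side check for the propagation pattern described in the write-ups above, as an added example that is not from the original post or from Symantec: it flags internal hosts that contact many distinct destinations on the listed ports within a short window, which is how a spreading worm looks in connection logs. The log format, thresholds and addresses are constructed assumptions.

```python
from collections import defaultdict

# Ports and bulletins exactly as listed on this page for the Gaobot variants.
# MS04-011 and MS01-059 are left out because the page gives no port for them.
WATCHED = {
    ("tcp", 135): "MS03-026 DCOM RPC",
    ("tcp", 445): "MS03-049 Workstation service",
    ("tcp", 80): "MS03-007 WebDav",
    ("udp", 1434): "MS02-061 SQL Server 2000 / MSDE 2000",
}

# Constructed sample records, assumed format: "epoch_seconds src dst proto dport"
SAMPLE_LOG = [
    *[f"{1000 + i} 10.0.0.23 10.0.1.{i} tcp 445" for i in range(1, 7)],        # fast fan-out
    *[f"{1000 + 300 * i} 10.0.0.40 10.0.2.{i} tcp 80" for i in range(1, 7)],   # slow, browsing-like
    *[f"{1000 + i} 10.0.0.51 10.0.1.9 tcp 135" for i in range(1, 7)],          # single target
    *[f"{1000 + i} 10.0.0.60 10.0.3.{i} tcp 22" for i in range(1, 7)],         # unwatched port
]

def find_scanners(lines, min_targets=5, window=60):
    """Return {(src, bulletin): targets} for sources that reach at least
    min_targets distinct destinations on one watched port within window seconds."""
    events = defaultdict(list)
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records instead of failing the whole run
        ts, src, dst, proto, dport = fields
        label = WATCHED.get((proto.lower(), int(dport)))
        if label:
            events[(src, label)].append((int(ts), dst))
    hits = {}
    for key, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window` seconds.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            targets = {dst for _, dst in evs[start:end + 1]}
            if len(targets) >= min_targets:
                hits[key] = sorted(targets)
                break
    return hits

if __name__ == "__main__":
    for (src, label), targets in find_scanners(SAMPLE_LOG).items():
        print(f"{src} fanned out to {len(targets)} hosts on the {label} port")
```

A host flagged this way is a candidate for isolation and a patch-level check against the bulletins listed above; the thresholds need tuning for servers that legitimately talk to many peers.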