Sasser: How critical is "not critical"

From

http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx

Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition
critically affected by any of the vulnerabilities that are addressed in this
security bulletin?
No. None of these vulnerabilities are critical in severity on Windows 98, on
Windows 98 Second Edition, or on Windows Millennium Edition.

Any comment welcome.

zz
Wed May 05 11:11:39 CDT 2004

FakeMailThatWorks wrote:

> From
>
> http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx
>
> Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition
> critically affected by any of the vulnerabilities that are addressed in this
> security bulletin?
> No. None of these vulnerabilities are critical in severity on Windows 98, on
> Windows 98 Second Edition, or on Windows Millennium Edition.
>
> Any comment welcome.
>
>

http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html
says sasser can run but not infect those OS.

g-w

White
Wed May 05 11:28:28 CDT 2004

Many users can still a lesson here regarding Sasser and
Windows, and I hope this lesson is not lost on anyone
here: Sasser is exploiting a known Windows flaw for which
Microsoft issued a software patch THREE WEEKS AGO!

The lesson: those who REGULARLY check for Windows updates
(or let it automatically run on your computer) was NOT
affected by Sasser.

www.windowsupdate.microsoft.com is your friend, everyone!!!

FakeMailThatWorks
Wed May 05 11:35:10 CDT 2004


"White Walls are Really Black" <anonymous@discussions.microsoft.com> schreef
in bericht news:8bd701c432bd$ff001620$a501280a@phx.gbl...
> Many users can still a lesson here regarding Sasser and
> Windows, and I hope this lesson is not lost on anyone
> here: Sasser is exploiting a known Windows flaw for which
> Microsoft issued a software patch THREE WEEKS AGO!
>
> The lesson: those who REGULARLY check for Windows updates
> (or let it automatically run on your computer) was NOT
> affected by Sasser.
>
> www.windowsupdate.microsoft.com is your friend, everyone!!!

And what is your contribution to my post?

FakeMailThatWorks
Wed May 05 11:35:36 CDT 2004


"zz" <zz@nospam.com> schreef in bericht
news:%m8mc.756$xV6.195@newssvr16.news.prodigy.com...
> FakeMailThatWorks wrote:
>
> > From
> >
> > http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx
> >
> > Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition
> > critically affected by any of the vulnerabilities that are addressed in
this
> > security bulletin?
> > No. None of these vulnerabilities are critical in severity on Windows
98, on
> > Windows 98 Second Edition, or on Windows Millennium Edition.
> >
> > Any comment welcome.
> >
> >
>
>
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html
> says sasser can run but not infect those OS.

Thanks, great input!

White
Wed May 05 12:05:28 CDT 2004

You claimed "any comment welcome," correct?

Sorry if you have a chip on your shoulder because you
DIDN'T get infected by Sasser. And what are you exactly
complaining about? Did you WANT Sasser to affect Windows
98 and Millennium? Obviously the creator(s) of Sasser
chose the vulnerability in Windows 2K and XP because #1.
it existed, and #2. the majority of computer users use
Windows 2K or XP, NOT Windows 98 or Millennium.

So maybe YOUR post isn't much of a contribution in the
first place! Funny, isn't it?

My post is a contribution; let the lesson be learned!
Users should get regular updates from Microsoft through
www.windowsupdate.microsoft.com and they won't have to
worry about Sasser or other little nasties. No operating
system is 100% secure but at least Microsoft is trying;
they can't protect those who choose not to.

By the way, buddy, when you finally join the rest of us
and get Windows 2K and/or XP, you WILL need the updates!
LMAO!

zz
Wed May 05 12:16:43 CDT 2004

White Walls are Really Black wrote:

> You claimed "any comment welcome," correct?
>
> Sorry if you have a chip on your shoulder because you
> DIDN'T get infected by Sasser. And what are you exactly
> complaining about? Did you WANT Sasser to affect Windows
> 98 and Millennium? Obviously the creator(s) of Sasser
> chose the vulnerability in Windows 2K and XP because #1.
> it existed, and #2. the majority of computer users use
> Windows 2K or XP, NOT Windows 98 or Millennium.
>
> So maybe YOUR post isn't much of a contribution in the
> first place! Funny, isn't it?
>
> My post is a contribution; let the lesson be learned!
> Users should get regular updates from Microsoft through
> www.windowsupdate.microsoft.com and they won't have to
> worry about Sasser or other little nasties. No operating
> system is 100% secure but at least Microsoft is trying;
> they can't protect those who choose not to.
>
> By the way, buddy, when you finally join the rest of us
> and get Windows 2K and/or XP, you WILL need the updates!
> LMAO!

Actually worldwide more computers use Win 9x line of OS than the NT line.

g-w

FakeMailThatWorks
Wed May 05 12:39:16 CDT 2004


"White Walls are Really Black" <anonymous@discussions.microsoft.com> schreef
in bericht news:8c2a01c432c3$2a320830$a501280a@phx.gbl...
> You claimed "any comment welcome," correct?
>
> Sorry if you have a chip on your shoulder because you
> DIDN'T get infected by Sasser. And what are you exactly
> complaining about? Did you WANT Sasser to affect Windows
> 98 and Millennium? Obviously the creator(s) of Sasser
> chose the vulnerability in Windows 2K and XP because #1.
> it existed, and #2. the majority of computer users use
> Windows 2K or XP, NOT Windows 98 or Millennium.
>
> So maybe YOUR post isn't much of a contribution in the
> first place! Funny, isn't it?
>
> My post is a contribution; let the lesson be learned!
> Users should get regular updates from Microsoft through
> www.windowsupdate.microsoft.com and they won't have to
> worry about Sasser or other little nasties. No operating
> system is 100% secure but at least Microsoft is trying;
> they can't protect those who choose not to.
>
> By the way, buddy, when you finally join the rest of us
> and get Windows 2K and/or XP, you WILL need the updates!
> LMAO!

PLOINK

White
Wed May 05 12:38:31 CDT 2004

>Actually worldwide more computers use Win 9x line of OS
than the NT line.

In any case, let's assume that worldwide, Win 9X is
still "popular" (and I have articles to suggest that yes,
many companies are still using 98).

Microsoft ALREADY announced its intention to halt further
distribution of Windows 98 and has no plans to continue
producing security patches for Windows 98 even if a virus
or worm outbreak targets that platform.

Users should upgrade to a supported Windows operating
system (meaning, WINDOWS 2K or XP). That is not my opinion
and advice only, but the opinion and advice of both
Microsoft AND computer experts.

I read computer magazines regularly and they never even
mention Win 9X anymore. It's all about 2K or XP.

Anyway, this isn't a popularity contest between operating
systems. MY ORIGINAL point is, users NEED to make
www.windowsupdate.microsoft.com their new best friend!




As a result of the Windows 98 retirement, businesses that
still have operating system in use face "an ever-
increasing risk of security breach for their entire
network," according to the AssetMetrix study.

The company advises businesses to retire all Windows 98
systems that are connected directly to the Internet.

White
Wed May 05 12:44:36 CDT 2004

Let me also add (that I forgot to add before) that many
digital cameras, printers, etc. etc. etc., the newer
devices NO LONGER WORK on Win 9x.

Why not upgrade to 2K or XP? It's a no-brainer.

White
Wed May 05 12:46:35 CDT 2004

>-----Original Message-----
>PLOINK

Ploink? Wow, what does ploink mean in your limited
language? What an INFORMATIVE post! You sure are making a
contribution here for all of us!

Too bad you can't comment on my previous post to you with
any intelligent comments and/or opinions based on concrete
facts.

zz
Wed May 05 13:20:53 CDT 2004

White Walls Black with Dirt wrote:
>>Actually worldwide more computers use Win 9x line of OS
>
> than the NT line.
>
> In any case, let's assume that worldwide, Win 9X is
> still "popular" (and I have articles to suggest that yes,
> many companies are still using 98).
>
> Microsoft ALREADY announced its intention to halt further
> distribution of Windows 98 and has no plans to continue
> producing security patches for Windows 98 even if a virus
> or worm outbreak targets that platform.
>
> Users should upgrade to a supported Windows operating
> system (meaning, WINDOWS 2K or XP). That is not my opinion
> and advice only, but the opinion and advice of both
> Microsoft AND computer experts.
>
> I read computer magazines regularly and they never even
> mention Win 9X anymore. It's all about 2K or XP.
>
> Anyway, this isn't a popularity contest between operating
> systems. MY ORIGINAL point is, users NEED to make
> www.windowsupdate.microsoft.com their new best friend!
>
>
>
>
> As a result of the Windows 98 retirement, businesses that
> still have operating system in use face "an ever-
> increasing risk of security breach for their entire
> network," according to the AssetMetrix study.
>
> The company advises businesses to retire all Windows 98
> systems that are connected directly to the Internet.
>
>
>

And there is debate about what MS owes their Win 9x customers. "Support"
may be dropped but some want MS forced to patch security holes just like
they do their newer OS. I am attending the MS Security meeting next
week, should be an interesting time.

Of course MS wants everyone to drop Win 9x and license something newer.
The stats show Office 97 still has over 20% of the installed Office
market and Office XP has not hit 15% of installed yet.

g-w

Paul
Wed May 05 15:44:22 CDT 2004

I have a network that is protected by a Microsoft SUS server. All my
machines receive the patches from Microsoft.

Patch 835732, the one that updates the lsass service to fix the buffer that
sasser is exploiting has screwed up MANY machines. 4 on my network will not
run with this patch. I have reported this to MS and they have not come out
with a solution so 4 of my machines are vulnerable to this worm and I have
no action to take.

Look around in this newgroup for 835732 posts and you will see this is a
problem.
I hope MS does not lose this lesson.

I need a new fix for lsass vulnerability.


"White Walls are Really Black" <anonymous@discussions.microsoft.com> wrote
in message news:8bd701c432bd$ff001620$a501280a@phx.gbl...
> Many users can still a lesson here regarding Sasser and
> Windows, and I hope this lesson is not lost on anyone
> here: Sasser is exploiting a known Windows flaw for which
> Microsoft issued a software patch THREE WEEKS AGO!
>
> The lesson: those who REGULARLY check for Windows updates
> (or let it automatically run on your computer) was NOT
> affected by Sasser.
>
> www.windowsupdate.microsoft.com is your friend, everyone!!!

Dave
Wed May 05 16:22:17 CDT 2004

look around in some other groups and several workarounds and i do believe a
new ms fix is now available. check the win2000.security and win2000.general
since i think those are the ones where the problem has been discussed the
most.

"Paul" <nobodyhere@yahoo.com> wrote in message
news:el%23hIHuMEHA.3208@TK2MSFTNGP10.phx.gbl...
> I have a network that is protected by a Microsoft SUS server. All my
> machines receive the patches from Microsoft.
>
> Patch 835732, the one that updates the lsass service to fix the buffer
that
> sasser is exploiting has screwed up MANY machines. 4 on my network will
not
> run with this patch. I have reported this to MS and they have not come
out
> with a solution so 4 of my machines are vulnerable to this worm and I have
> no action to take.
>
> Look around in this newgroup for 835732 posts and you will see this is a
> problem.
> I hope MS does not lose this lesson.
>
> I need a new fix for lsass vulnerability.
>
>
> "White Walls are Really Black" <anonymous@discussions.microsoft.com> wrote
> in message news:8bd701c432bd$ff001620$a501280a@phx.gbl...
> > Many users can still a lesson here regarding Sasser and
> > Windows, and I hope this lesson is not lost on anyone
> > here: Sasser is exploiting a known Windows flaw for which
> > Microsoft issued a software patch THREE WEEKS AGO!
> >
> > The lesson: those who REGULARLY check for Windows updates
> > (or let it automatically run on your computer) was NOT
> > affected by Sasser.
> >
> > www.windowsupdate.microsoft.com is your friend, everyone!!!
>
>

Torgeir
Wed May 05 19:25:42 CDT 2004

Paul wrote:

> Patch 835732, the one that updates the lsass service to fix the buffer that
> sasser is exploiting has screwed up MANY machines. 4 on my network will not
> run with this patch. I have reported this to MS and they have not come out
> with a solution so 4 of my machines are vulnerable to this worm and I have
> no action to take.
>
> Look around in this newgroup for 835732 posts and you will see this is a
> problem.
> I hope MS does not lose this lesson.
>
> I need a new fix for lsass vulnerability.
Hi

Use the dcpromo.log trick that was added to the MS04-011 security
bulletin yesterday, it closes the LSASS vulnerability.

http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx

From the revision list in the link above:

<quote>
V1.3 May 4, 2004: Added new information in the Workarounds section
for the LSASS Vulnerability.
</quote>


Note that 835732 in addition closes 13 other vulnerabilities,
the dcpromo.log trick does not add any protection for those.

--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/community/scriptcenter/default.mspx