Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security NTBugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Microsoft Windows Malicous Software Removal Tool

from [JOE DANCE] Network Security [Permanent Link]
Subject: Microsoft Windows Malicous Software Removal Tool
Date: Mon, 7 Feb 2005 09:48:46 -0500 
During the month of January 2005, Microsoft apparently released something 
called the "Microsoft Windows Malicous Software Removal Tool", not to be 
confused with the beta version of Microsoft Antispyware. I don't recall seeing 
any discussion or articles on this software.

This application was announced by KB890830.  According to the info in KB890830, 
the tool can be installed through Windows Updates or Automatic Updates, or GPO 
or SMS.  Alternatively, it can also be run online, or downloaded and run from 
the command line or script.  A link to the download page can be found in the KB 
article.

There is also a website dedicated to the product, and updates are supposed to 
be released on the second Tuesday of each month, probably along with other 
updates.  The current version works only with Windows XP.

So far, I have noticed four issues of concern:
1.  No such updates have been mentioned in this month's (Feb)advance notice of 
updates, nor was the tool's release included in the Jan 2005 summary of 
security bulletins.

2.  KB890830 does NOT describe how to run it from the command line.  The result 
of installing it from WU, is that we now have a utility installed that we 
cannot run.  We may be able to figure it out, but it would have been so much 
easier if MS had included the executable filename in the KB article.

3.  The download page ( 
http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
 )does not inlcude the download button, so the tool cannot be downloaded and 
saved to disk.

4.  The tool did NOT download to our SUS server with other updates, and install 
automatically on our client workstations.  Arguably, any updates that work 
through AU should have downloaded for distribution via SUS.  However, we only 
discovered it by going to Windows Updates.

We have not, so far, tried running it from the website.

I thought I would share this information, and hope that someone could point me 
in the right direction if I happen to have overlooked anything, or to be 
otherwise in error.  However, the situation currently appears to be as 
described above.

Joe Dance
University of South Carolina





________________________________________________________________
Sent via the WebMail system at darla.moore.sc.edu




---
[This E-mail scanned for viruses by Declude Virus]

--
NTBugtraq Editor's Note:

Most viruses these days use spoofed email addresses. As such, using an 
Anti-Virus product which automatically notifies the perceived sender of a 
message it believes is infected may well cause more harm than good. Someone who 
did not actually send you a virus may receive the notification and scramble 
their support staff to find an infection which never existed in the first 
place. Suggest such notifications be disabled by whomever is responsible for 
your AV, or at least that the idea is considered.
--
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-Disclosure] Finjan Security Advisory: Microsoft Office XP Remote Buffer Overflow Vulnerability, Rafel Ivgi
Next by Date:  MinorRev: Microsoft Security Bulletin MS04-035 - Vulnerability in SMTP Could Allow Remote Code Execution (885881), Russ Cooper
Previous by Thread:  [Full-Disclosure] Finjan Security Advisory: Microsoft Office XP Remote Buffer Overflow Vulnerability, Rafel Ivgi
Next by Thread:  Re: Microsoft Windows Malicous Software Removal Tool, Rick Klinge
Indexes:  [Date] [Thread] [Top] [All Lists]