Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security VulnWatch
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[VulnWatch] LLSSRV Redux

from [Dave Aitel] Network Security [Permanent Link]
Subject: [VulnWatch] LLSSRV Redux
Date: Thu, 17 Mar 2005 13:59:47 -0500

With regards to the LLSSRV advisory Immunity published yesterday, we would like to issue a clarification. There are two ways to get SP4 onto a Windows 2000 Advanced Server machine, as follows:
1. Download SP4 from microsoft.com via networked or express install
2. Obtain and install a Windows 2000 Advanced Server CD or CD image that includes SP4. This is available from the MSDN CD packages or online download site. You may also have obtained such a CD from a vendor or retailer.

The second way is vulnerable; the first way is not.

I.E. This advisory does not apply to Windows 2000 Advanced Server cases where Service Pack 4 was installed separately.

We apologize for any confusion and thank those who pointed out that installing SP4 manually will remove the registry key that allows for anonymous remote access.

Reference Image: http://www.immunitysec.com/downloads/win2kadvsrv_withSP4.jpg

Thanks,
Dave Aitel
VP Figureheads and Verbage
Immunity, Inc.


[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [VulnWatch] LLSSRV Redux, Dave Aitel <=
Previous by Date:  [VulnWatch] LLSSRV Clarifications [Immunity], Dave Aitel
Next by Date:  Linux ISO9660 handling flaws, Michal Zalewski
Previous by Thread:  [VulnWatch] LLSSRV Clarifications [Immunity], Dave Aitel
Next by Thread:  Linux ISO9660 handling flaws, Michal Zalewski
Indexes:  [Date] [Thread] [Top] [All Lists]