August 2003

Welcome to our Customer Newsletter for August! This newsletter covers the latest virus threats and operating system defects.

    
  
  What You Should Know About the Blaster Worm.
  









Contact Sales !

 
 

Who Is Vulnerable?
At 11:34 A.M. Pacific Time on August 11, Microsoft began investigating a worm reported by Microsoft Product Support Services (PSS). A new worm commonly known as W32.Blaster.Worm has been identified that exploits the vulnerability that was addressed by Microsoft Security Bulletin MS03-026.

Users of the following products are vulnerable to infection by this worm:
- Microsoft® Windows NT® 4.0
- Microsoft Windows® 2000
- Microsoft Windows XP
- Microsoft Windows Server™ 2003

How to Tell If Your Computer Is Infected
While some customers may not notice the presence of the worm infection at all on their computer systems, typical symptoms may include Windows XP and Windows Server 2003 systems rebooting every few minutes without user input or Windows NT 4.0 and Windows 2000 systems becoming unresponsive.

    
    Click on this link to access a Microsoft Patch
    
  Symantec offers the best Removal Tool    
 
W32.Blaster.Worm is a worm that exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. The worm targets only Windows 2000 and Windows XP machines. While Windows NT and Windows 2003 Server machines are vulnerable to the aforementioned exploit (if not properly patched), the worm is not coded to replicate to those systems. This worm attempts to download the msblast.exe file to the %WinDir%\system32 directory and then execute it. The worm has no mass-mailing functionality.

Users are recommended to block access to TCP port 4444 at the firewall level, and then block the following ports, if they do not use the applications listed:

TCP Port 135, "DCOM RPC"
UDP Port 69, "TFTP"

The worm also attempts to perform a Denial of Service (DoS) on the Microsoft Windows Update Web server (windowsupdate.com). This is an attempt to prevent you from applying a patch on your computer against the DCOM RPC vulnerability.

Click here for more information on the vulnerability that this worm exploits, and to find out which Symantec products can help mitigate risks from this vulnerability.

    
 

Security Response

  

   
   Need Help ?
 

We can help you or your company. Give us a call.

Call:847.214.8200 Cell:847.971.8224

    
       
       
       
 
 
 

To UNSUBSCRIBE
To unsubscribe reply to this message with "remove" in the subject line.

  
Privacy   ©2003  Virtual Tech, Inc.. thenextsolution.com