-
1
- #1
I have not verified this, but came accross it on F-Secures website and thought it might be helpful to someone....
One sideffect of Sasser worm's spreading is that it crashes LSASS.EXE which forces Windows to reboot. This makes it rather difficult to fetch and install the required security patch.
A simple workaround can be implemented to prevent LSASS.EXE from crashing. The following file must be created with Read-Only attribute set:
%SystemRoot%\Debug\dcpromo.log
where %SystemRoot% is the Windows Directory (typically C:\WINDOWS or C:\WINNT).
Since the MS04-011 vulnerability is in a debug print code, if the debug log file can not be opened the vulnerable code part will not be executed.
One sideffect of Sasser worm's spreading is that it crashes LSASS.EXE which forces Windows to reboot. This makes it rather difficult to fetch and install the required security patch.
A simple workaround can be implemented to prevent LSASS.EXE from crashing. The following file must be created with Read-Only attribute set:
%SystemRoot%\Debug\dcpromo.log
where %SystemRoot% is the Windows Directory (typically C:\WINDOWS or C:\WINNT).
Since the MS04-011 vulnerability is in a debug print code, if the debug log file can not be opened the vulnerable code part will not be executed.