This is something that really worries me; I've heard it too. Also, I am getting conflicting results when scanning for the patch installation. I've been using MBSA, GFI LANguard and Retina, which all tell me something different. Which one should I trust? Or is there something else I should be using?

Thanks
Mike

-----Original Message-----
From: Charles Hamby [mailto:fixerat_private]
Sent: Tuesday, August 12, 2003 5:13 PM
To: incidentsat_private
Subject: MSBLASTER Infecting despite 03-026 patch?

I have seen, and have heard other reports of, the msblaster.exe worm infecting a Windows computer that had the proper KB patch specified by the 03-026 advisory. In the instance I personally saw, it was a Windows XP Professional workstation that was completely patched. The person who used the workstation was surprised that they were infected since they had applied the patch, and I verified (via Add/Remove Programs) that they did, indeed, have the proper patch applied. I checked with my parent organization and they had been receiving sporadic reports of patched machines being infected despite being patched.

Unfortunately I removed the worm from the computer without copying it, so I don't have a backup of it for analysis. Has anyone else been seeing this phenomenon, or do they have any idea why this might have or might be happening? I know for a fact the patch that was used came straight from Microsoft, so I don't suspect a faulty patch.

Charles Hamby
This archive was generated by hypermail 2b30 : Mon Aug 11 2003 - 22:39:33 PDT