I have seen, and have heard other reports of, msblaster.exe worm infecting a
Windows computer that had the proper KB patch specified by the 03-026
advisory. In the instance I personally saw it was a Windows XP Professional
workstation that was completely patched. The person who used the
workstation was surprised that they were infected since they has applied the
patch and I verified (via Add/Remove Programs) that they did, indeed have
the proper patch applied. I checked with my parent organization and they
had been receiving sporadic reports of patched machines being infected
despite being patched. Unfortunately I removed the worm from the computer
without copying it so I don't have a backup of it for analysis.
Has anyone else been seeing this phenomenon or do they have any idea why
this might have or might be happening? I know for a fact the patch that was
used came straight from Microsoft so I don't suspect a faulty patch.
Windows computer that had the proper KB patch specified by the 03-026
advisory. In the instance I personally saw it was a Windows XP Professional
workstation that was completely patched. The person who used the
workstation was surprised that they were infected since they has applied the
patch and I verified (via Add/Remove Programs) that they did, indeed have
the proper patch applied. I checked with my parent organization and they
had been receiving sporadic reports of patched machines being infected
despite being patched. Unfortunately I removed the worm from the computer
without copying it so I don't have a backup of it for analysis.
Has anyone else been seeing this phenomenon or do they have any idea why
this might have or might be happening? I know for a fact the patch that was
used came straight from Microsoft so I don't suspect a faulty patch.
Charles Hamby
------------------------------------------------------------------------
---
------------------------------------------------------------------------
----
[ reply ]