[Dshield] How to get patched without getting infected?
Johannes B. Ullrich
jullrich at sans.org
Sat Aug 16 20:47:10 GMT 2003
This message was converted from multipart/signed to ascii armored
-----BEGIN PGP SIGNED MESSAGE-----
Prefered way: Burn the patch, and to make sure the scanner/cleanup kit,
to a CD. Use this CD to install the patch (see the Microsoft blaster
page. There is a link to it from the top right corner of microsoft.com)
Alternative: First close the XP firewall, then connect the system and
download the patch. Again, the MSFT "Blaster page" has more detailed
On Sat, 2003-08-16 at 16:27, Jon R. Kibler wrote:
> First, let me preface this with I am not a Windows expert by any means... (we are primarily a Solaris shop and we only have a few old NT/4.0 systems that we are slowly getting rid of, and these are on an isolated internal network behind several fire walls) so this question never occurred to me:
> I just had someone call who said that they had a PC using Windows/XP that was unpatched. They had not been on the Internet since last weekend. However, now they were afraid to go on the Internet because of the worm. They wanted to know how they could patch their system without first going on the Internet to get the patch and risk getting infected while downloading the patch.
> I am clueless how to answer their question... any thoughts?
> Also, is the old URL Microsoft gave for the DCOM patch still usable?
> Jon R. Kibler
> A.S.E.T., Inc.
> Charleston, SC USA
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
SANS - Internet Storm Center
PGP Key: http://isc.sans.org/jullrich.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
d1IWo6LC/T7EX+eYUoC9sQk-----END PGP SIGNATURE-----
More information about the list