[unisog] zotob and returning students, what are you going to do?

Mark Wilson wilsodm at auburn.edu
Fri Aug 19 16:52:45 GMT 2005


Can someone clarify some things about this vulnerability and remediation
measures?  According to http://isc.sans.org/ "You are only vulnerable if
you have msdds.dll installed on your system.   The vulnerable version
is: 7.0.9064.9112 . Later versions are not vulnerable (in particular
7.10.x)"

A couple of questions:
1. Is Windows XP SP2 vulnerable (seems like I have read it is not
vulnerable)?  What if the vulnerable version of msdds.dll is on the XP
box?
2. If the NON-vulnerable dll is installed, does the kill bit have to
be set?

Mark Wilson
GCIA, CISSP #53153
Network Security Specialist
Auburn University
(334) 844-9347

>>> marchany at vt.edu wrote on 8/19/2005 9:12:20 AM:
> whatever the problems with XP, the majority of zotob hits here have been on
> faculty/staff systems not student systems. We're in the middle of student
> checkin and most of the students have XP SP2 systems. They also have to run a
> VTNET CD before they connect to our net. That CD makes sure the FW is up, auto
> updates are set and the latest AV software is installed. We're hoping our
> security sessions during freshman orientation have taken hold. They appear to
> have done so last year.
>
> We're using the York U scanner and Nessus plugins to sweep our nets hourly.
>
> Of course, we have to deal with vendor software that enables exceptions for
> the FW.....
>
> 	-r.
