[unisog] zotob and returning students, what are you going to do?

Michael Holstein michael.holstein at csuohio.edu
Fri Aug 19 18:25:24 GMT 2005

> I think you've got a couple different things confused.  As I understand 
> it, Zotob goes after the MS05-039 vuln, which seems to be pretty well 
> protected by XP SP2.  And msdss.dll is related to the IE vuln.  I don't 
> think that XP SP2 buys you any protection for the msdss vuln.

Correct. Zotob attacks Umpnpmgr.dll (why Microsoft chose to make 
plug-and-play network aware is beyond me .. since that service is 
different from UPnP which was *designed* for such things).

In 2000, it's exploitable unauthenticated.
In XP SP1, it requires a valid user.
In XP SP2, it requires a valid user with 'log on locally' rights.

The current code that's circulating goes after the 'low-hanging' fruit 
.. namely, all versions of Windows 2000. XP isn't "secure" against 
MS05-039, but the current versions of Zotob don't infect XP (yet).

The msdss.dll vulnerability depends on the version of msdss.dll, not the 
operating system. What version of msdss.dll you have depends on which 
'other' product you have installed, and what version.


Michael Holstein CISSP GCIA
Cleveland State University

