MS04-011_LSASS_EXPLOIT




發現日期: Apr 12, 2004
風險: 重要的
描述:


This buffer overrun vulnerability in the Local Security Authority Subsystem Service (LSASS) allows remote code execution. Once successfully exploited, a remote attacker is able to gain full control of the affected system. It may be used by a malware to perform malicious activities, such as accessing and modifying the file system and replication.

LSASS provides an interface for managing local security, domain authentication, and Active Directory processes. It handles authentication for both the client and the server. It also contains features used to support Active Directory utilities.

Microsoft has posted more information about this vulnerability, among others, in their Security Bulletin MS04-011.


修正程式資訊:


IMPORTANT NOTE:

This detection is not a detection for the vulnerability of your machine. If you got this warning, it is an indication that a malicious piece of code passed through your network or your machine, but was detected by Trend Micro as MS04-011_LSASS_EXPLOIT.

If you have patched your system against the LSASS Vulnerability, then your system should be safe from the damage that may be brought about by this exploit code.

Otherwise, you can look up the patch information for your Windows version on this site. Trend Micro advises users to refrain from using their system until it has been completely patched against this vulnerability.

Trend Micro Solution

Users of Trend Micro PC-cillin Internet Security and Network VirusWall can detect this exploit at the network layer with Network Virus Pattern (NVP) 10180, or later.

Download the latest NVW pattern file from the following site:

http://www.trendmicro.com/download/product.asp?producti d=45

Disabling Network Virus Emergency Center Pop-ups

If you have already patched your system, and want to turn the pop-up messages off, please refer to the following Knowledge Base solutions:

For PC-cillin Internet Security 2005 Users:
Knowledge Base Solution ID 22606

For PC-cillin Internet Security 2004 Users:
Knowledge Base Solution ID 22608

Note: Disabling the network virus pop-up display option means you will not be alerted for ALL network attacks to your system, not just this particular exploit attack.


電腦經常會收到攻擊的警告..= =..這有用嗎..