Blaster / Love San Worm - Info & Patches

As you are probably aware, there is a new worm on the block - known as "Blaster" or "Love San". The news reports I have heard understated scope of vulnerable computers. The worm targets the following versions of Windows:

* Windows NT 4.0
* Windows NT 4.0 Terminal Services Edition
* Windows XP
* Windows Server 2003

(Windows 95/98/Me computers are not at risk.)

Microsoft originally released this bulletin and patch on July 16, 2003, to correct a security vulnerability in a Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface. Customers who have already installed the patch (for example, using WindowsUpdate) are protected from attempts to exploit this vulnerability and need take no further action.

If you see the messages "svchost.exe error" or "The RPC process has terminated unexpectedly" or if your Windows XP computer reboots itself automatically, your computer may already be infected.

For your convenience, I have included links to Microsoft's download sites for you to download and apply the patch if you want to apply it yourself. Otherwise contact me to schedule a time for me to apply the patch. (This patch requires a reboot of the computer once it is applied.)

Windows NT 4.0 - Download Patch
from Microsoft	from MK Networking

Windows 2000 - Download Patch
from Microsoft	from MK Networking

Windows XP - Download the Patch
from Microsoft	from MK Networking

Windows 2003 Server - Download Patch
from Microsoft	from MK Networking

This vulnerability can also be fixed using Windows Update.

This vulnerability and the patch is discussed in detail in the following Microsoft Knowledge Base bulletin - "Q823980 - MS03-026: Buffer Overrun in RPC Interface May Allow Code Execution"

Read what Microsoft has to say about this problem and the patch at http://www.microsoft.com/technet/security/bulletin/MS03-026.asp