
	Where results make sense

Topic: LSASS

Related Topics

Vostok Airlines

Dicta

Chongming Island

Miran Shah

	Memory usage by the Lsass.exe process on domain controllers that are running Windows Server 2003 or Windows 2000 Server
		Lsass memory usage on domain controllers has two major components: one fixed and one variable.
		The amount of memory that Lsass uses may vary, depending on the load on the computer.
		In Windows Server 2003, the memory model for LSASS is different and the amount of memory that is used by the cache is dynamic.
	support.microsoft.com /?kbid=308356 (1276 words)

	lsass.exe Windows process - What is it?
		This is not a virus, the Sasser worm attacks the lsass process and that is why your computer may shutdown, since the worm stops the lsass process from working
		Lsass is a normal windows system process, but it is part of a very large security hole in windows.
		lsass is a vital system file which can be afected by sasser virus and it causes system shutdown in 60 sec.
	www.neuber.com /taskmanager/process/lsass.exe.html (6288 words)

	ISS X-Force Database: win2k-lsass-ldap-dos(15700): Microsoft Windows 2000 Domain Controller LSASS LDAP message denial ...
		LSASS is a management interface for local security, domain authentication, and Active Directory processes.
		CERT Vulnerability Note VU#639428, Microsoft Windows 2000 LSASS fails to properly handle certain LDAP messages at http://www.kb.cert.org/vuls/id/639428.
		CVE-2003-0663: Unknown vulnerability in the Local Security Authority Subsystem Service (LSASS) in Windows 2000 domain controllers allows remote attackers to cause a denial of service via a crafted LDAP message.
	xforce.iss.net /xforce/xfdb/15700 (366 words)

	virus discovered 5/11 - New Worm Mimics Sasser, Exploits LSASS Vulnerability : virus discovered 5/11
		According a Panda Software spokesperson, the vendor is not surprised to see the creation of a new virus that exploits the LSASS vulnerability.
		The company believes, though, that real problem is that many people are in possession of the code needed to exploit this security hole and incorporate it into their creations.
		Trend Micro reports that Worm_Sasser.F exploits the Windows LSASS vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the affected system.
	www.esecurityplanet.com /alerts/article.php/3352151 (1048 words)

	Viruslist.com - Malware Evolution: January - March 2005
		Malicious bots usually exploit the RPC DCOM and LSASS vulnerabilities, but there are bots that exploit as many as 8 vulnerabilities simultaneously.
		The critical LSASS vulnerability, first detected in April 2004, was the third key factor in the increase in botnets.
		Another reason for the relative calm on the virus front in 2005 is the fact that no new vulnerabilities as serious as the LSASS or RPC DCOM vulnerabilities have been detected in Windows so far this year.
	www.viruslist.com /en/analysis?pubid=162454316 (4182 words)

	Microsoft Security Bulletin MS04-011: Security Update for Microsoft Windows (835732)
		A buffer overrun vulnerability exists in LSASS that could allow remote code execution on an affected system.
		The update removes the vulnerability by modifying the way that LSASS validates the length of a message before it passes the message to the allocated buffer.
		The only effect on other Windows 2000 systems is that clients may not be able to log on to the domain if their domain controller stops responding.
	www.microsoft.com /technet/security/bulletin/MS04-011.mspx (10145 words)

	SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System
		ISC is aware of the LSASS Sasser worm.
		This worm is spreading through the MS04-011 (LSASS) vulnerability.
		The Microsoft LSASS vulnerability released on April 13, 2004 is currently being exploited in the wild.
	isc.sans.org /diary.php?date=2004-04-30 (548 words)

	Panda Software - Virus information
		Some variants of the Sdbot worm spread via the Internet by attacking random IP addresses.
		These variants attempt to exploit several vulnerabilities in Windows operating systems, such as RPC-DCOM, LSASS, etc.
		If they succeed in exploiting any of those vulnerabilities, they create and run a script, which downloads the worm via FTP.
	www.pandasoftware.com /virus_info/encyclopedia/overview.aspx?idvirus=56244 (134 words)

	Korgo Worm Targets LSASS Flaw
		Anti-virus firms have detected yet another worm exploiting the Local Security Authority Subsystem Service (LSASS) vulnerability that was patched by Microsoft (Quote, Chart) in its April batch of security updates.
		The appearance of the W32.Korgo.B worm (also known as Padobot) spreading through the LSASS flaw is a clear indication that PC users have not yet applied the MS04-011 security fix issued by Microsoft on April 13.
		According to research firm F-Secure, the network worm is capable of opening TCP ports 113, 3067 and 2041 to receive commands from the virus writers.
	www.internetnews.com /dev-news/article.php/3359681 (624 words)

	- 5/18: Bobax-A Exploits LSASS Vulnerability :
		If you have a Windows XP/2000 computer, it is highly recommendable to download the security patch for the LSASS vulnerability from the Microsoft website.
		W32.Bobax.A is a worm that exploits the LSASS vulnerability (described in Microsoft Security Bulletin MS04-011), according to Symantec.
		According to Trend Micro, Worm_Bobax.A exploits the Windows LSASS vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the affected system.
	www.esecurityplanet.com /alerts/article.php/3355261 (836 words)

	WORM_SASSER.A - Description and solution
		This worm exploits the Windows LSASS vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the affected system.
		Analysis and tests done on this malware show that it can execute and create registry entries on Windows 2003 server, but it fails to exploit the LSASS service in the said operating system version.
		Although Microsoft reports that the Windows 2003 Server is also vulnerable to the LSASS exploit, there may exist a code error within the malware exploit packet that prevents it from exploiting the LSASS vulnerability on the said platform.
	www.trendmicro.com /vinfo/virusencyclo/default5.asp?VName=WORM_SASSER.A (309 words)

	Technorati Tag: lsass (Site not responding. Last check: 2007-10-26)
		A tag is like a subject or category.
		This page shows blog posts, photos, and links that have been tagged lsass.
		To contribute to this page, just post to your blog and include this code.
	www.technorati.com /tag/lsass (139 words)

	MS Windows LSASS Exploit Advisory - LURHQ
		Three days ago we published a threat in the LURHQ Threat Intelligence Portal detailing an exploit for the recent Microsoft LSASS vulnerability described in Microsoft Security Bulletin MS04-011.
		That code has already been incorporated into mass-exploiters and trojans, including the very prevalent Agobot trojan.
		In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
	www.lurhq.com /lsassadvisory.html (504 words)

	Lsass.exe definition, relationships, removal
		If authentication is successful, Lsass generates the user's access token, which is used to launch the initial shell.
		Is it possible to determine the virus (and its time of presence in PC) and the exact date and time the lsass.exe was infected?
		When I try downloading any file it gives me an error that my current security settings do not allow this file to be downloaded..I tried downloading the lsass.exe scanner & remover and am getting the same error..Active x control is enabled also..any one have a fix
	www.2-spyware.com /file-lsass-exe.html (1258 words)

	dBforums - lsass.exe keeps growing!
		By design, LSASS may consume up to 50% of the total system memory if other
		For the logon failure, make sure you are using TCP rather than Named Pipes.
		For the lsass memory consuming issue, I am sorry but i am not able to give
	www.dbforums.com /t516558.html (448 words)

	Problem with lsass.exe - PC-Media Tech Forums
		(no offence) Its not a virus, I know Lsass controls the security.
		Since you started this thread, it's become evident that the Sasser worm will crash lsass.
		With this in mind, you may want to revisit the option of wiping and starting from scratch again, and take the required precautions to keep stuff out till you install the SP and get the critical updates.
	forum.pcmech.com /showthread.php?t=96687 (493 words)

	lsass error - ITtoolbox Groups (Site not responding. Last check: 2007-10-26)
		command, I even tried to disable the lsass process got an error ?lsass not
		lsass error by goffery on 8/2/2004 12:08:00 PM -- current message
		lsass is an authentication service that is exploite...
	windows.ittoolbox.com /groups/.../windows-xp-pro-l/520833 (669 words)

	RAV AntiVirus - Win32/Cycle.A.worm Virus Description (Site not responding. Last check: 2007-10-26)
		This is a new internet worm exploiting the LSASS vulnerability patched in MS04-011 (romanian description).
		When executed, the worm will try to abort any unplanned shutdown (to hide effects of LSASS crashing).
		This will be used in the replication routine to avoid infecting the same site twice (if the remote site is accepting connections on this port, it is considered infected already).
	www.ravantivirus.com /virus/showvirus.php?v=216 (939 words)

	Search: lsass exe : MAC-NET
		Sasser worm spreads by scanning randomly chosen IP addressed for vulnerable system.
		...overflow vulnerability exists in the LSASS service that could allow remote code execution on an affected system.
		File: lsass or lsass.exe Process Name: Local Security Authority...
	www.mac-net.com /610088.page (317 words)

	ISS X-Force Database: win-lsass-bo(15699): Microsoft Windows LSASS buffer overflow
		ISS X-Force Database: win-lsass-bo(15699): Microsoft Windows LSASS buffer overflow
		Microsoft Windows 2000, XP, Windows Server 2003 and Windows XP 64-Bit Edition 2003 are vulnerable to a buffer overflow in the Local Security Authority Subsystem Service (LSASS), caused by improper bounds checking.
		By sending a specially-crafted message to the affected system, a remote attacker could overflow a buffer and execute arbitrary code on the system.
	xforce.iss.net /xforce/xfdb/15699 (376 words)

	LSASS exploit (sxp) attack
		Topic: LSASS exploit (sxp) attack (Read 1057 times)
		I updated avast to avast 4.6.603 and he detect me (from "bouclier reseau" an entering connection : "LSASS exploit (sxp) attack from 82.127.189.130:445 " blocked
		Page created in 0.114 seconds with 18 queries.
	forum.avast.com /index.php?topic=11444.0 (511 words)

	Exploit Circulating For Windows LSASS Vulnerability
		An exploit has begun circulating for another of the vulnerabilities in Windows revealed by Microsoft Corp. earlier this month.
		The vulnerability, a buffer overrun in the Local Security Authority Subsystem Service (LSASS), was patched as part of a large, cumulative update coded MS04-011.
		The exploit takes the form of a new variant of the Gaobot worm.
	www.eweek.com /article2/0,1759,1580041,00.asp (801 words)

	LSASS.EXE and CRSS.EXE how do i remove?
		Microsoft has verified that the worm exploits the Local Security Authority Subsystem Service (LSASS)"
		And both the extensive directions above for removal are from Symantec and McAfee and refer to LSASS.
		CRSS, on the other hand, can be exploited but is probably not a virus.
	pro-networks.org /forum/viewtopic.php?p=257206&... (576 words)

	What You Should Know About Sasser
		If your computer keeps shutting down, print these instructions for yourself, or to help a friend:
		The Sasser worm (W32.Sasser.A and its variants) targets a security issue with the Local Security Authority Subsystem Service (LSASS) that Microsoft addressed with a released security update.
		Sasser targets computers with out-of-date software, and those computers remain at risk of infection until the update is installed.
	www.microsoft.com /sasser (463 words)

Try your search on: Qwika (all wikis)