Patching against the Conficker worm

The Win32Conficker worm takes advantage of a vulnerability in the Server service of pretty much all versions of Windows and allows a remote attacker to take control of the infected computer.

According to Microsoft "Most anti-virus software could detect and block the Conficker worm, so if you have updated anti-virus software on your computer, you are at a much lower risk of being infected by the Conficker worm."

However, it is also recommended to ensure your Windows OS is patched so that you are not vulnerable to the threat. In order to ensure you are patched against this nasty piece of work please follow the steps below...

1. Find out what version of Windows you are running

Hold down the Winlogo button (looks like the Windows icon) and tap once on R
Type "winver" and hit Enter
You will be able to read off what version of Windows you have, e.g. in the image below I can tell that I have Windows XP Professional with Service Pack 3.

2. Download the correct patch for your Windows version

Open the following website: www.artifact.ie/applications/security
Click on the correct patch version and choose "Save"
e.g. Conficker_XP_SP3_KB958644.exe

3. Apply the patch

Navigate to where you saved the patch and double-click it
Follow any on-screen prompts that appear

To find out more about Conficker have a look here:

http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx

Comments

Resolve WSUS Server issue that gives "Cannot save configuration because the server is still processing"

This is a pretty infuriating error and can sometimes crop up as a result of running a "wsusutil reset" command. First of all, give the server some time, and then a bit more... but you've probably already done this. These steps may help to resolve the situation: - Install Microsoft SQL Management Studio (free download) - Run SQL Management Studio and start to connect to the WSUS database - Enter this in the "Server Name" box: \\.\pipe\MICROSOFT##WID\tsql\query - Expand the "Databases" tree - Right-click on "SUSDB" and choose "New Query" - Paste this query in: UPDATE tbSingletonData SET ResetStateMachineNeeded = 0 - You should see a message like "1 row affected", which is good - Quit SQL Management Studio - Open "Services" and restart the "WSUS Service" - Now, open WSUS

Re-arm ESXI Evaluation License

Needed to get a little more time out of my ESXI trial so that I could migrate it to Hyper-V. This pair of commands came in very handy and gave another 60 days: rm -f /etc/vmware/vmware.lic /etc/vmware/license.cfg reboot To use them, you need to: Put your ESXI server into Maintenance Mode Enable Secure Shell access (SSH) Enable Console Access Then ssh to the server (in Windows 11 you can just type ssh username@serveripaddress and then enter password) Otherwise, you could use something like PuTTY ( https://www.putty.org/ ) Hope this helps.

Turn off "BitLocker waiting for activation"

This can be a pain when attempting to "sysprep" a PC's storage drive (usually the C: drive) or take an image of it using something like Acronis SnapDeploy. In such cases, the software will complain about this BitLocker status. I keep forgetting about this every time I go to take an image! It isn't immediately obvious how to get around the issue... do you go for "Turn on BitLocker" and then turn if off when it has finished encrypting the drive? Well you probably could if you had the time, but there's an easier way. Using the "manage-bde" tool via an administrative command line gives lots more options, and allows this to be turned off. Tip: handy way to open an admin command line is to hit W + R, then type "cmd" and then hit CRTL + Shift + Enter. Typing "manage-bde -status" will show you some more detail, but the command you need is: manage-bde -off c: This may take some time, depending on how much of the drive has already...

Artifact Weblog

Search This Blog