Patching against the Conficker worm

The Win32Conficker worm takes advantage of a vulnerability in the Server service of pretty much all versions of Windows and allows a remote attacker to take control of the infected computer.

According to Microsoft "Most anti-virus software could detect and block the Conficker worm, so if you have updated anti-virus software on your computer, you are at a much lower risk of being infected by the Conficker worm."

However, it is also recommended to ensure your Windows OS is patched so that you are not vulnerable to the threat. In order to ensure you are patched against this nasty piece of work please follow the steps below...

1. Find out what version of Windows you are running

Hold down the Winlogo button (looks like the Windows icon) and tap once on R
Type "winver" and hit Enter
You will be able to read off what version of Windows you have, e.g. in the image below I can tell that I have Windows XP Professional with Service Pack 3.

2. Download the correct patch for your Windows version

Open the following website: www.artifact.ie/applications/security
Click on the correct patch version and choose "Save"
e.g. Conficker_XP_SP3_KB958644.exe

3. Apply the patch

Navigate to where you saved the patch and double-click it
Follow any on-screen prompts that appear

To find out more about Conficker have a look here:

http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx

Comments

Resolve WSUS Server issue that gives "Cannot save configuration because the server is still processing"

This is a pretty infuriating error and can sometimes crop up as a result of running a "wsusutil reset" command. First of all, give the server some time, and then a bit more... but you've probably already done this. These steps may help to resolve the situation: - Install Microsoft SQL Management Studio (free download) - Run SQL Management Studio and start to connect to the WSUS database - Enter this in the "Server Name" box: \\.\pipe\MICROSOFT##WID\tsql\query - Expand the "Databases" tree - Right-click on "SUSDB" and choose "New Query" - Paste this query in: UPDATE tbSingletonData SET ResetStateMachineNeeded = 0 - You should see a message like "1 row affected", which is good - Quit SQL Management Studio - Open "Services" and restart the "WSUS Service" - Now, open WSUS

Where are SCANPST.EXE and/or SCANOST.EXE?

I sometimes have to deal with customer computers whose Outlook PST or OST files have become corrupted. Very often the fix is to run SCANPST.EXE on the offending PST/OST file. However, every time I go to do this I forget where the two executable files are. Here is where they are on a Vista machine running Office 2007: C:\Program Files\Microsoft Office\Office12 I hope this helps.

DNS Dynamic Updates & DNS Scavenging

I was encountering an issue at a customer's site where the DNS records of their client PCs often would be behind or out of sync with the records in DHCP. Usually the IP address would be older in DNS and this was causing issues with scripts executing and network tools correctly resolving client PC hostnames to their correct IP addresses. I realised I needed to make some changes to their dynamic DNS updating configuration. After a lot of reading through Microsoft's documentation and various online forums, this is what I ended up configuring. Hopefully this may help someone, some day: - Make the DHCP server a member of the "DnsUpdateProxy" group - Create a new user account, in the "Users" OU, called "dnsdynamicupdates" - This new user only needs to be a member of the "Domain Users" group - no special privileges - Make the password strong and set it to never expire - Set this new user as the credentials used by the DCHP server in IPv4...

Artifact Weblog

Search This Blog