Core Issue
The Microsoft corporation announced a security vulnerability in its Windows Operating Systems (OS) that allows attacks by the W32.Blaster.Worm in these products:
- Cisco CallManager server and Cisco Conference Connection
- Cisco Emergency Responder
- Cisco IP Contact Center (IPCC) Express
- Personal Assistant (PA) applications
This security vulnerability is in a Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface.
Resolution
If your machine is not infected with the virus, prevent the virus from infecting your machine by performing one of these options:
- If you are running Cisco CallManager with WinOSUpgrade2000-2-4 version or earlier, upgrade to CallManager WinOS2000-2-4 and apply WinOS2000-2-4sr5.
- If you are running a Cisco CallManager version that already has WinOS2000-2-4, upgrade to CallManager WinOSUpgrade2000-2-4sr5.
- If you are running WinOSUpgradev2000-2-3 or WinOSUpgradev2000-2-4, apply the single hotfix MS03-026 to patch this particular bug.
After applying the patch, check for this registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run<
"windows auto update"="msblast.exe"
If this registry key is present, your system is probably already infected.
If your machine is infected, these upgrades will not remove the virus, and you need to perform these steps before you apply the Microsoft patch:
- Depending on your virus software, obtain either McAfee's latest Data Analysis Tool file 4284 (which has the virus removal definitions) or Norton's latest virus definitions.
Note: Norton is supported only for the Cisco CallManager application.
If your system is infected and does not have Norton or McAfee on the system, you can run Stinger v1.8.0., the stand alone virus removal tool.
- Upgrade Cisco CallManager to these releases. Make sure all downloads (MS03-026) for Cisco CallManager are from Cisco.com and not from Microsoft's web site.
For more information, refer to these documents:
