Solved: Re: CSA protection against Blaster?

jeff.k · ‎08-12-2003

Have the CSA developers tested the out-of-the-box CSA

configuration for protection against blaster?

gfullage · ‎08-12-2003

An official release will be posted to www.cisco.com shortly, but in short (this is unofficial until it's been posted cause it may change):

- The default CSA 4.0 server and desktop policies stop successful execution of this attack

- On servers, the default server policy prevents the SVCHOST from attempting to execute CMD.exe. This prevents the exploit shell code from running.

- On desktop systems the default desktop policy prevents the SVCHOST from accepting a connection on port 4444. Additional protection is provided by the default policy's prevention of any application from executing CMD.exe

View solution in original post

gfullage · ‎08-12-2003

An official release will be posted to www.cisco.com shortly, but in short (this is unofficial until it's been posted cause it may change):

- The default CSA 4.0 server and desktop policies stop successful execution of this attack

- On servers, the default server policy prevents the SVCHOST from attempting to execute CMD.exe. This prevents the exploit shell code from running.

- On desktop systems the default desktop policy prevents the SVCHOST from accepting a connection on port 4444. Additional protection is provided by the default policy's prevention of any application from executing CMD.exe