Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

CSA protection against Blaster?

Have the CSA developers tested the out-of-the-box CSA

configuration for protection against blaster?

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: CSA protection against Blaster?

An official release will be posted to www.cisco.com shortly, but in short (this is unofficial until it's been posted cause it may change):

- The default CSA 4.0 server and desktop policies stop successful execution of this attack

- On servers, the default server policy prevents the SVCHOST from attempting to execute CMD.exe. This prevents the exploit shell code from running.

- On desktop systems the default desktop policy prevents the SVCHOST from accepting a connection on port 4444. Additional protection is provided by the default policy's prevention of any application from executing CMD.exe

1 REPLY
Cisco Employee

Re: CSA protection against Blaster?

An official release will be posted to www.cisco.com shortly, but in short (this is unofficial until it's been posted cause it may change):

- The default CSA 4.0 server and desktop policies stop successful execution of this attack

- On servers, the default server policy prevents the SVCHOST from attempting to execute CMD.exe. This prevents the exploit shell code from running.

- On desktop systems the default desktop policy prevents the SVCHOST from accepting a connection on port 4444. Additional protection is provided by the default policy's prevention of any application from executing CMD.exe

95
Views
0
Helpful
1
Replies
CreatePlease to create content