G
Guest
Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)
Hi !
Since December the 18th, my firewall (Kerio) often detects that an
application tries to replace my Lsass.exe file by another one named "Lsass.
exe (export)" (or something like that). I denied the change so far, but the
application replacement still pop up regulary.
I cautiously checked my "Windows XP auto update" and discovered that my
system downloaded 4 patches on December the 17th. One of those patches
(KB885835) was about patching some security breach in lsass.exe.
Before allowing the file replacement, I'd like to be sure that this is no
security attack (Lsass.exe beeing known for getting targetted by some
"lsasser worm"), and that this file replacement IS the result of the Windows
update downloaded 2 days ago.
Thanks for all help on that subject (and sorry for my poor english)
Hi !
Since December the 18th, my firewall (Kerio) often detects that an
application tries to replace my Lsass.exe file by another one named "Lsass.
exe (export)" (or something like that). I denied the change so far, but the
application replacement still pop up regulary.
I cautiously checked my "Windows XP auto update" and discovered that my
system downloaded 4 patches on December the 17th. One of those patches
(KB885835) was about patching some security breach in lsass.exe.
Before allowing the file replacement, I'd like to be sure that this is no
security attack (Lsass.exe beeing known for getting targetted by some
"lsasser worm"), and that this file replacement IS the result of the Windows
update downloaded 2 days ago.
Thanks for all help on that subject (and sorry for my poor english)