Keyword: microsoft security bulletin ms03-007
Modifications This Worm deletes the following files: {malware name}:Zone.Identifier It modifies the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Security Center FirewallDisableNotify = 1
" (Note: The default value data of the said registry entry is Y .) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Security Center AntiVirusOverride = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Security Center
registry entry is Y .) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Security Center AntiVirusOverride = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Security Center AntiVirusDisableNotify = "1" HKEY_LOCAL_MACHINE
Microsoft addresses 75 vulnerabilities in its March security bulletin. Trend Micro Deep Security covers the following: CVE-2018-0934 - Chakra Scripting Engine Memory Corruption Vulnerability Risk
following registry entries: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Policies\ System DisableRegistryTools = 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\Security Center
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Security Center AntiVirusOverride = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Security Center FirewallOverride = "1" Other Details This Trojan connects to the following possibly
CVE-2010-2563 This security update addresses a vulnerability in Microsoft Windows that could allow remote code execution if a user opened a specially crafted file using WordPad. Windows Server 2003
CVE-2010-1900,CVE-2010-1901,CVE-2010-1902,CVE-2010-1903 This security update addresses four Microsoft Office vulnerabilities that could allow remote code execution once a user opens a specially
* indicates a new version of an existing rule Deep Packet Inspection Rules: FTP Server WarFTPd 1003718* - WarFTP Daemon Format String Denial Of Service Microsoft Office 1008746* - Microsoft Office
Microsoft addresses vulnerabilities in its June security bulletin. Trend Micro Deep Security covers the following: CVE-2019-0985 - Microsoft Speech API Remote Code Execution Vulnerability Risk
system's memory: explorer Other System Modifications This backdoor adds the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Policies\ System EnableLUA = "0" Other
Microsoft addresses several vulnerabilities in its March security bulletin. Trend Micro Deep Security covers the following: CVE-2020-0824 - Internet Explorer Memory Corruption Vulnerability Risk
* indicates a new version of an existing rule Deep Packet Inspection Rules: DCERPC Services 1008119* - Microsoft Windows Local Security Authority Subsystem Service (LSASS) Denial Of Service
\SOFTWARE\Microsoft\ Security Center AntiVirusDisableNotify = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Security Center AntiVirusOverride = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Security Center
CVE-2014-4113,CVE-2014-4148 This bulletin resolves two vulnerabilities in several Windows operating versions. The two vulnerabilities are related to TrueType Font Parsing and kernel-mode driver
(Note: The default value data of the said registry entry is 2 .) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Security Center AntiVirusDisableNotify = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Security Center
of the said registry entry is 2 .) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Security Center AntiVirusDisableNotify = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Security Center AntiVirusOverride = "1
* indicates a new version of an existing rule Deep Packet Inspection Rules: DHCPv6 Server 1008668* - Dnsmasq Information Leak Vulnerability (CVE-2017-14494) DNS Client 1008666* - Microsoft Windows
" HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ Microsoft\Security Center AntiVirusOverride = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ Microsoft\Security Center UpdatesOverride = "1" HKEY_LOCAL_MACHINE\SOFTWARE
2000, XP, and Server 2003, and C:\ProgramData in Windows Vista and 7.) It creates the following folders: %All Users Profile%\Application Data\{random folder name} %Start Menu%\Programs\Antivirus Security