Feeds

Faulty CA update crashes Win 2003 servers

Collateral damage

High performance access to file storage

A faulty signature update to CA's antivirus software created headaches for sys admins last week after the software falsely identified a Windows 2003 component as malware.

Win 2003 servers crashed and failed to reboot once the faulty (30.3.3054) update to CA's eTrust software was applied because the software wrongly flagged legitimate Lsass.exe files as the low-impact Lassrv-B Trojan.

In default configurations, CA's software deleted the LSASS Windows Service component causing systems to lock-up

CA acting promptly to issue a corrected update but not before a number of users were hit by the inadvertent error, the SANS Institute reports.

CA and Microsoft have both published advisories (here and here) explaining the steps sys admins needed to take in order to restore systems.

Lassrv-B, first identified on 24 August, is spreading in the wild, albeit modestly. The issue with CA's eTrust update was confined to Win 2003 users. CA users using other versions of Windows were left untouched by the problem. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
Oz bank in comedy Heartbleed blog FAIL
Bank: 'We are now safely patched.' Customers: 'You were using OpenSSL?'
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.