Oddly enough I am having some trouble tracking down what specific patch on a Windows XP pro box is actively protecting sethc.exe
I am not sure it its sp3 or an individual security update. Maybe its our trend micro thats protecting that file.
Does anyone know what specific patch from microsoft addressed this vulnerability and can point me exactly where I can read that?
Just for additional information, when I am logged onto the machine, when I rename sethc.exe to sethc_old.exe a new one is created with in seconds. This is obviously a protection against this type of attack.