
Thread: 7 New security hotfixes announced

  1. #11
    Thanks for these. Just as the week was looking really lousy.

  2. #12
    MS03-043 looks like a possible vector for a worm attack to me.

    If the attacker can use a buffer overflow and get admin rights on the target PC, then you could make a self-spreading program (i.e. worm) using that vulnerability... so maybe an MSBlast / Code Red / Whatever exploit could come about.

    Oh well. At least you can disable the Messenger Service on the PCs on your LAN remotely.

  3. #13
    Scanner tool by ISS released for MS03-043 vulnerability (Messenger service). Runs at command line and looks handy.

    Comment from someone at ISS was:
    ISS has released a freeware utility to help scan for this vuln. We feel this vuln is pretty important -- at the same level as Blaster and Slammer. It is as wide-spread as the RPC/DCOM vuln exploited by Blaster, and it can easily lead to Slammer-style worms that slam out a flood of UDP traffic.
    Check it @ http://www.iss.net/support/product_utilities/ms03-043/

  4. #14
    Interesting scanner tool. Yes it does the job, but it also sends a message to all computers missing the patch.

    Which is great if you have half a dozen short, but not so bad when it is every machine in the building.

    Ho hum.

  5. #15
    If the ISS tool doesn't quite do what you are looking for, how about the Foundstone tool? It allows you to remotely stop and disable the Messenger Service, assuming you have the proper rights. Definitely speeds things up for admins on large networks where this service may be running.

    http://www.foundstone.com/subsection...sengerscan.htm

  6. #16
    ** Warning newbie alert - this post may be rubbish **

    HTRegz - I looked at the link, and downloaded the tool. It wouldn't unzip. After a while I tried to virus scan the file - just in case, you know.

    And what do you know - it told me it was infected ( which may explain why it refused to unzip ).

    Now I realise that these sorts of tools need to emulate viruses. But then neither of my other scanners have virus alerts. Which worries me. Either this tool is falsely giving a virus alert, or it has become infected, or Foundstone are really trying to take over the world with their new secret weapon ( "we would have succeeded too, if it wasn't for those meddling kids" ).

    And in all of this, I wonder whether the availability of a useful tool to scan for particular vulnerabilities will mean another 2 months of tedious work for me ....

  7. #17
    I've had the software on three PCs and had no alerts or warnings. However that doesn't say much, 1 PC was AVG Free, another was Command AV and the last was running eTrust, but as I said none of them have returned any warnings to me.

  8. #18
    Thanks for the heads up. Here's to another week of testing and patching.

  9. #19
    I have emailed Foundstone's support line about this. If they get back to me, I will report back. Unless they are trying to take over the world....

    r8devil - a mere week. Oh what it must be to work in such a technologically advanced company. I reckon it will take us a week before we have worked out how to get these patches out to the easy half of our computers.

  10. #20
    Didn't have any problems running the Foundstone tool.

    eEye have a similar but more limited tool at http://www.eeye.com/html/Research/Tools/MSGSVC.html
