Thanks for these. Just as the week was looking really lousy. :D
Printable View
Thanks for these. Just as the week was looking really lousy. :D
MS03-043 looks like a possible vector for a worm attack to me.
If the attacker can use a buffer overflow and get admin rights on the target PC, then you could make a self-spreading program (i.e. worm) using that vulnerability.. so maybe a MSBlast / Code Red / Whatever exploit could come about.
Oh well. At least you can disable the Messenger Service on the PCs on your LAN remotely.
Scanner tool by ISS released for MS03-043 vulnerability (Messenger service). Runs at command line and looks handy.
Comment from someone at ISS was:
Check it @ http://www.iss.net/support/product_utilities/ms03-043/Quote:
ISS has released a freeware utility to help scan for this vuln. We feel this vuln is pretty important -- at the same level as Blaster and Slammer. It is as wide-spread as the RPC/DCOM vuln exploited by Blaster, and it can easily lead to Slammer-style worms that slam out a flood of UDP traffic.
Interesting scanner tool. Yes it does the job, but it also sends a message to all computers missing the patch.
Which is great if you have half a dozen short, but not so bad when it is every machine in the building. :rolleyes:
Ho hum.
If the ISS tool doesn't quite do what you are looking for, how about the Foundstone tool. It allows you to remotely stop and disable the Messenger Service, assuming you have the proper rights. Definately speeds things up for admins on large networks where this service may be running.
http://www.foundstone.com/subsection...sengerscan.htm
** Warning newbie alert - this post may be rubbish **
HTRegz - I looked at the link, and downloaded the tool. It wouldn't unzip. After a while I tried to virus scan the file - just in case, you know.
And what do you know - it told me it was infected ( which may explain why it refused to unzip ).
Now I realise that these sort of tools need to emulate viruses. But then neither of my other scanners have virus alerts. Which worries me. Either this tool is falsely giving a virus alert, or it has become infected, or Foundstone are really trying to take over the world with their new secret weapon ( "we would have succeded too, if it wasn't for those meddling kids" ).
And in all of this, I wonder whether the availability of a useful tool to scan for particular vulnerabilities will mean another 2 months of tedious work for me ....
I've had the software on three PCs and had no alerts or warnings. However that doesn't say much, 1 PC was AVG Free, another was Command AV and the last was running eTrust, but as I said none of them have returned any warnings to me.
thanks for the heads up. Here's to another week of testing and patching.
I have emailed Foundstones support line about this. If they get back to me, I will report back. Unless they are trying to take over the world....
r8devil - a mere week. Oh what it must be to work in such a technologically advanced company. I reckon it will take us a week before we have worked out how to get these patches out to the easy half of our computers.
Didn't have any problems running the Foundstone tool.
eEye have a similar but more limited tool at http://www.eeye.com/html/Research/Tools/MSGSVC.html