For MS06-040 you can use the tool from eeye.com to ID vulnerable machines:
http://www.eeye.com/html/resources/downloads/audits/NetApi.html
Alex Alborzfard wrote:
What about MS06-040? I've heard it's a nasty one like blaster.
DHS has already issued a recommendation to apply this patch.
I remember using a utility tool that would list all applied patches on a
Windows box with all kind of information.
Anyone has ever used or knows anything about it?
Alex
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: Tuesday, August 08, 2006 1:55 PM
To: [email protected]
Subject: [ActiveDir] Microsoft Security Bulletin MS06-041 Vulnerability
in DNS Resolution Could Allow Remote Code Execution
One of 12 today...but since it's DNS related
Microsoft Security Bulletin MS06-041 Vulnerability in DNS Resolution
Could Allow Remote Code Execution (920683):
http://www.microsoft.com/technet/security/Bulletin/MS06-041.mspx
For an attack to be successful the attacker would either have to be on a
subnet between the host and the DNS server or force the target host to
make a DNS request to receive a specially crafted record response from
an attacking server.
(and Brett...just a FYI... in my twig forest... any attacker that ends
up on a subnet between a host and my DNS server [aka the Kitchen sink
service server] ... that attacker is dead meat and has a 2x4 aimed his
way... one advantage of being little)
Your patch folks may be calling up you AD guys for testing passes.
Workarounds:
*Block DNS related records at network gateways*
Blocking the following DNS record types at network gateways will help
protect the affected system from attempts to exploit this vulnerability.
*
ATMA
*
TXT
*
X25
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
