Good to know. Adds some load on the server though.

Yes, but WD has also a cool feature under Tools that lists your current TCP/IP and Winsock connections. I thought I could see the patches there also.

Yes I think that tool was WMI-based.

Alex

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Sent: Friday, August 11, 2006 1:04 PM
To: [email protected]
Subject: Re: [ActiveDir] Microsoft Security Bulletin MS06-041 Vulnerability in DNS Resolution Could Allow Remote Code Execution

We put WSUS on our SBS boxes (you know the ones with the kitchen sink service running?) ..that's a DC ...it doesn't need a dedicated server to do its job.

Windows defender is just an anti spyware program.

WMI scripting will tell you what patches are installed now.

Alex Alborzfard wrote:
> Yes I'm aware of both tools. WSUS requires dedicated server and configuration.
> MBSA doesn't list installed patches, date of application, versions, etc.
> It basically tells you what is missing.
> I was talking about a tool that I can run from my PC, which I have used in the past. I think you could also remove the patch or roll it back right from the interface. For some reason I thought it was Windows Defender, but I installed it and it doesn't have that capability.
>
> No I'm not managing patching in our networks...well not yet anyway!
> I'm just trying to raise the flags, so to speak.
>
> Alex
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
> Sent: Friday, August 11, 2006 11:53 AM
> To: [email protected]
> Subject: Re: [ActiveDir] Microsoft Security Bulletin MS06-041 Vulnerability in DNS Resolution Could Allow Remote Code Execution
>
> E-Bitz - SBS MVP the Official Blog of the SBS "Diva" : The threats and risk level today:
> http://msmvps.com/blogs/bradley/archive/2006/08/10/107303.aspx
>
> Alun's "Holy Crap" post:
> Tales from the Crypto : How do I rate today's patches?:
> http://msmvps.com/blogs/alunj/archive/2006/08/08/107097.aspx
>
> MBSA - http://www.microsoft.com/technet/security/tools/mbsahome.mspx
>
> WSUS - http://www.microsoft.com/windowsserversystem/updateservices/default.mspx
>
> You are managing patching in your networks now right?
>
> Alex Alborzfard wrote:
>
>> Thanks John this is really helpful, though only for this vulnerability.
>>
>> Alex
>>
>> -----Original Message-----
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Singler
>> Sent: Friday, August 11, 2006 11:22 AM
>> To: [email protected]
>> Subject: Re: [ActiveDir] Microsoft Security Bulletin MS06-041 Vulnerability in DNS Resolution Could Allow Remote Code Execution
>>
>> For MS06-040 you can use the tool from eeye.com to ID vulnerable machines:
>>
>> http://www.eeye.com/html/resources/downloads/audits/NetApi.html
>>
>> Alex Alborzfard wrote:
>>
>>> What about MS06-040? I've heard it's a nasty one like blaster.
>>> DHS has already issued a recommendation to apply this patch.
>>>
>>> I remember using a utility tool that would list all applied patches on a Windows box with all kind of information.
>>> Anyone has ever used or knows anything about it?
>>>
>>> Alex
>>>
>>> -----Original Message-----
>>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
>>> Sent: Tuesday, August 08, 2006 1:55 PM
>>> To: [email protected]
>>> Subject: [ActiveDir] Microsoft Security Bulletin MS06-041 Vulnerability in DNS Resolution Could Allow Remote Code Execution
>>>
>>> One of 12 today...but since it's DNS related
>>>
>>> Microsoft Security Bulletin MS06-041 Vulnerability in DNS Resolution Could Allow Remote Code Execution (920683):
>>> http://www.microsoft.com/technet/security/Bulletin/MS06-041.mspx
>>>
>>> For an attack to be successful the attacker would either have to be on a subnet between the host and the DNS server or force the target host to make a DNS request to receive a specially crafted record response from an attacking server.
>>>
>>> (and Brett...just a FYI... in my twig forest... any attacker that ends up on a subnet between a host and my DNS server [aka the Kitchen sink service server] ... that attacker is dead meat and has a 2x4 aimed his way... one advantage of being little)
>>>
>>> Your patch folks may be calling up your AD guys for testing passes.
>>>
>>> Workarounds:
>>>
>>> *Block DNS related records at network gateways*
>>>
>>> Blocking the following DNS record types at network gateways will help protect the affected system from attempts to exploit this vulnerability.
>>>
>>> * ATMA
>>> * TXT
>>> * X25
>>>
>> List info : http://www.activedir.org/List.aspx
>> List FAQ : http://www.activedir.org/ListFAQ.aspx
>> List archive: http://www.activedir.org/ml/threads.aspx

--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com

If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you down...
http://blogs.technet.com/sbs
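
The gateway workaround quoted in the original bulletin post (blocking ATMA, TXT and X25 records) can be expressed as a per-response check. The following is an added example, not part of the thread or of Microsoft's guidance: it walks the resource records of a raw DNS message and reports the three record types by their IANA type codes (16, 19, 34). The function names and the sample packets are constructed for illustration.

```python
import struct
# Record types named in the workaround, keyed by IANA type code.
BLOCKED_TYPES = {16: "TXT", 19: "X25", 34: "ATMA"}

def _skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:   # 2-byte compression pointer ends the name
            return off + 2
        if length & 0xC0:           # 0x40 / 0x80 label types are reserved
            raise ValueError("unsupported label type")
        off += 1 + length

def blocked_records(msg):
    """Names of blocked record types found in the RR sections of a DNS message.

    Raises ValueError or struct.error when the message is malformed.
    """
    _id, _flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):             # question = name + QTYPE + QCLASS
        off = _skip_name(msg, off) + 4
    found = []
    for _ in range(an + ns + ar):   # RR = name, TYPE, CLASS, TTL, RDLENGTH, RDATA
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if off > len(msg):
            raise ValueError("RDLENGTH runs past end of message")
        if rtype in BLOCKED_TYPES:
            found.append(BLOCKED_TYPES[rtype])
    return found

def should_drop(msg):
    """Gateway decision: drop on a blocked type, and fail closed on malformed input."""
    try:
        return bool(blocked_records(msg))
    except (ValueError, struct.error):
        return True

# Constructed samples: responses for "host.example" with an A record, with and without a TXT record.
_Q = b"\x04host\x07example\x00" + struct.pack("!HH", 1, 1)
_A = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
_TXT = b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 60, 6) + b"\x05hello"
SAMPLE_TXT = struct.pack("!6H", 0x1234, 0x8180, 1, 2, 0, 0) + _Q + _A + _TXT
SAMPLE_CLEAN = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + _Q + _A
```

All three RR sections (answer, authority, additional) are inspected, and a message that cannot be parsed is dropped rather than passed through.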
