One liner: Our free tool, MessengerScan, is available for free download at www.foundstone.com

Some questions that may be running through your head…

Is there a witty name for this new fancy tool?

Yes, of course - the name follows our proprietary tool naming schema: Foundstone MessengerScan v1.05. :)

Do you take credit card payments for MessengerScan? $5000/IP right?

NO! This tool is actually completely free. That's right, you have the ability to scan and potentially fix all of your vulnerable systems. Want to scan your Class C, better yet how about your Class A address space for absolutely nothing – sure, no problem. It's just too bad we don't have any television airtime to emphasize how free this tool really is. Additionally, this software is yours to keep. You have the ability to download it, store it on your computer and execute it on your systems in any fashion of your choosing. We'd hate for you to confuse this with a free Web-based scan of your systems.

Will MessengerScan change my screensaver to reflect the title of the latest Ben and J.Lo flick?

Unfortunately not. MessengerScan provides you with the ability to remotely determine if your W2k, XP, or 2k3 boxes are vulnerable – en masse and quickly. This does not require any crazy credentials nor special access to the system. If the system is vulnerable and provided you are indeed an administrator with the credentials to prove it, we will provide you with the ability to shut down and disable the Messenger service. Initially, we only permitted the tool to shut down the service but soon figured that unknowing users would probably reboot their systems at some point and end up in the same vulnerable state. So as to take some fun out of trying to figure out what we are doing behind the scenes, we use Microsoft's Windows Management Instrumentation (WMI) on the remote systems to implement these protective measures. WMI is one of Microsoft’s management systems for providing control over remote systems. More information on WMI can be found at: http://www.microsoft.com/technet/treeview/default.asp?url=

It is uber important as an administrator to first ensure you do not use or need the Messenger service within your organization before disabling it.

How fast is it?

Fast is a relative term but we have implemented a 64 count thread pool and as long as you scan over 64 IP addresses you will max out your current number of allowed threads. In addition we use straight TCP connects so give it a go and test it for yourself.

Is it perfect?

No – like us, the tool is not quite perfect. Currently it will identify vulnerable services running on Windows 2000, Windows XP, and Windows 2003. Expect a new release of MessengerScan, probably named MessengerScanv1.06 or MessengerScanv2.0 (if we get really excited) when we have finished identifying and validating an accurate method for remotely detecting vulnerable NT 4.0 systems running the Messenger service without authentication creds.

How many colors does the tool come in?

Well the first version only comes in "Microsoft Windows gray" but it does have a Windows GUI. Enough said.

Does it patch the system for me?

No.

Wow! How did Foundstone Labs find all of these vulnerabilities so quickly?

Just so everyone is clear, we did not find any of these bugs nor are we claiming to have done so. Re-iteration: Foundstone did not initially find nor release any of the vulnerabilities Microsoft announced on

What is the Foundstone Challenge?

There are numerous common misconceptions about Foundstone's product suite. We realize that most companies already have in-house or outsourced vulnerability assessment and management solutions. In an effort to show the world our technological advantage, we are continuing to offer free 21 day trials of our Managed Service and Foundstone Professional software. Foundstone encourages you to sign up for our program and put us and our technology to the test in your environment.

Our website is www.foundstone.com

“Greetz, Props, and L8r’s” never really caught on for me so I’ll stick with the good old-fashioned and preppy…

Regards and have a great day.

-Foster

...

James C. Foster
Director, Research and Development
Foundstone, Inc.
Strategic Security
949.297.5600 Tel
949.463.3373 Mobile
949.297.5575 Fax
software | services | education

This email may contain confidential and privileged information for the sole use of the intended recipient. Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies of this message. Thank you.
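
The WMI step the message describes (stop the Messenger service, then disable it so a reboot does not bring it back), as an added PowerShell example that is not part of the original e-mail and is not Foundstone's code. It assumes administrator credentials on the targets and WMI reachable over DCOM; the host names are constructed placeholders.

```powershell
# Added example: stop and disable the Messenger service on remote hosts via WMI.
# Host names are constructed placeholders; replace with your own inventory.
param(
    [string[]]$ComputerName = @('host1.example.internal', 'host2.example.internal'),
    [System.Management.Automation.PSCredential]$Credential
)

# Classic WMI runs over DCOM; older Windows hosts have no WinRM listener.
$dcom = New-CimSessionOption -Protocol Dcom

$results = foreach ($computer in $ComputerName) {
    $row = [ordered]@{ Computer = $computer; Found = $false
                       Stopped = $null; Disabled = $null; Error = $null }
    $session = $null
    try {
        $sessionArgs = @{ ComputerName = $computer; SessionOption = $dcom; ErrorAction = 'Stop' }
        if ($Credential) { $sessionArgs.Credential = $Credential }
        $session = New-CimSession @sessionArgs

        $svc = Get-CimInstance -CimSession $session -ClassName Win32_Service `
                               -Filter "Name='Messenger'" -ErrorAction Stop
        if ($svc) {
            $row.Found = $true
            if ($svc.State -ne 'Stopped') {
                $r = Invoke-CimMethod -CimSession $session -InputObject $svc `
                                      -MethodName StopService -ErrorAction Stop
                $row.Stopped = ($r.ReturnValue -eq 0)   # 0 means success
            } else {
                $row.Stopped = $true
            }
            # Stopping alone is undone by the next reboot; change the start mode too.
            $r = Invoke-CimMethod -CimSession $session -InputObject $svc `
                                  -MethodName ChangeStartMode `
                                  -Arguments @{ StartMode = 'Disabled' } -ErrorAction Stop
            $row.Disabled = ($r.ReturnValue -eq 0)
        }
    } catch {
        $row.Error = $_.Exception.Message
    } finally {
        if ($session) { Remove-CimSession -CimSession $session }
    }
    [pscustomobject]$row
}

$results | Format-Table -AutoSize
```

A row with `Found` false means the host has no Messenger service registered; a row with `Error` set usually means the WMI connection or authentication failed and the host still needs checking by other means.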
