Stephen, The MssqlMs02039Patch (SecChkId 9666) check for Internet Scanner works by reading the path to where SQLServer is installed and then gets the version resource from ssnetlib.dll. If the version is less than 636, we flag the target as vulnerable.
You will need admin rights on the target to detect this. -Chris -----Original Message----- From: Stephen Tihor [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 2:14 PM To: ISS XForce Cc: [EMAIL PROTECTED] Subject: Re: [ISSForum] ISS Security Brief: Microsoft SQL Slammer Worm Propagation Interestingly enough if have ISS internet scanner upda toe date with all XPU's and scanned a machine Friday which turned out to be vulnerable today. It was a stable production node so I doubt they enabled anything new. Which suggests the ISS was not on point or was a Denial of Service test since those were not run against the machine being tested. Could someone tell me which was the case? _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
