XForce has just released XPU 6.25 for Internet Scanner which contains a new check to test for this vulnerability without the need for admin rights.
-Brent -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, January 27, 2003 12:04 PM To: Rouland, Chris (ISSAtlanta) Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; Stephen Tihor; ISS XForce Subject: RE: [ISSForum] ISS Security Brief: Microsoft SQL Slammer Worm Propagation Can we expect an updated check for the vulnerability via the network soon? Many scans don't have admin rights on targets, especially in large environments. "Rouland, Chris (ISSAtlanta)" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 01/26/2003 02:52 PM To: "Stephen Tihor" <[EMAIL PROTECTED]>, "ISS XForce" <[EMAIL PROTECTED]> cc: [EMAIL PROTECTED] Subject: RE: [ISSForum] ISS Security Brief: Microsoft SQL Slammer Worm Propagation Stephen, The MssqlMs02039Patch (SecChkId 9666) check for Internet Scanner works by reading the path to where SQLServer is installed and then gets the version resource from ssnetlib.dll. If the version is less than 636, we flag the target as vulnerable. You will need admin rights on the target to detect this. -Chris -----Original Message----- From: Stephen Tihor [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 2:14 PM To: ISS XForce Cc: [EMAIL PROTECTED] Subject: Re: [ISSForum] ISS Security Brief: Microsoft SQL Slammer Worm Propagation Interestingly enough if have ISS internet scanner upda toe date with all XPU's and scanned a machine Friday which turned out to be vulnerable today. It was a stable production node so I doubt they enabled anything new. Which suggests the ISS was not on point or was a Denial of Service test since those were not run against the machine being tested. Could someone tell me which was the case? _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
