I would also like to add my thanks. In a large University environment (40,000 people), it is important that we have checks that do not rely on having administrator access. Thus, I would like to encourage ISS to continue developing checks that do not require admin rights when possible.
Thank you.
-Jeffrey
At 05:03 PM 1/29/2003 +0800, [EMAIL PROTECTED] wrote:
Hi Bob,Jeffrey Savoy, CISSP
I'm very glad that XForce have just released the latest XPU with
'MssqlResolutionServiceBo' without any admin rights needed. Becos for
really large network, having admin rights for each system is not feasible.
I jointly know there there are some check that need to access to the
registry but I hope that there should be a work around for this. If not, it
won't reflect the correct vulnerabilities status of my servers. For example
in the case of this current released check 'MssqlResolutionServiceBo', it
doesn't totally send the Buffer overflow code to UDP port 1434 and stop the
SQL service but instead it just send a "ping" and waiting for a "reply"
back from the targeted SQL server on1434 to determine whether the targeted
SQL server is vulnerable anot. This check already give a good insight as in
whether the host is vulnerable, instead the need of admin rights inorder to
execute the some critical checks.
Anyway, thanks to your top technical gurus, Rob Graham for the SQL slammer
check.
Regards,
Cindy
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
Information Security Officer
University of Wisconsin-Madison
608-262-8369
_______________________________________________
ISSForum mailing list
[EMAIL PROTECTED]
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
