I can't speak to that, as I'm only scanning for non-credential-required attacks right now.
Chad -----Original Message----- From: Chris Lyon [mailto:[EMAIL PROTECTED] Sent: Thursday, August 18, 2005 10:50 AM To: Renaud Deraison Cc: Chad I. Uretsky; [email protected] Subject: Re: Plugin 19408 - MS05-039 - and Windows Server 2003 On 8/17/05, Renaud Deraison <[EMAIL PROTECTED]> wrote: > > On Aug 17, 2005, at 19:49, Chad I. Uretsky wrote: > > > I just ran a scan against a Win2K3 box I have, checking for the > > MS05-039 vulnerability. I have not yet patched the box, and so I > > expected it to show up as vulnerable. > It won't show up as vulnerable, as the pipe which is needed to access > the PNP service is not available over a NULL session (while it is on > Win2K). The good news is that a worm can not do a blind attack either, > as credentials are needed on this platform. Even if you supply the login information? > > -- Renaud > > _______________________________________________ > Nessus mailing list > [email protected] http://mail.nessus.org/mailman/listinfo/nessus > _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
