I chose it because in my lab tests and in the field it has proven reliable. Got the patch, pass the test. Don't have the patch, fail the test and get an email from the security group.
It still works - but I wanted something to detect (without credentials) at a more current level. One thing I can say over several years of running tests like this against our user community is that things have gotten dramatically better. I'd like to think that the occasional "we're watching you" email helped to achieve that. Appreciate the reply. -----Original Message----- From: Doug Nordwall [mailto:[EMAIL PROTECTED] Sent: Sunday, October 07, 2007 12:20 PM To: Klun, Jim Cc: [email protected] Subject: Re: Need current reliable "no-credentials" Microsoft test Interesting that it proved to be such a reliable indicator. Why do you think that is? what led you to pick it in the first place? I'm guessing that for whatever reason, the old logic you used is not working, and you are looking to catch those machines which are post-this patch, yet don't have automatic updates on. the only plugins i can find with MS07 are find ./ -exec grep -l MS07 {} \; .//macosx_ms_office_may2007.nasl .//smb_nt_ms05-002.nasl .//smb_nt_ms07-004.nasl .//smb_nt_ms07-011.nasl .//smb_nt_ms07- 012.nasl .//smb_nt_ms07-013.nasl .//smb_nt_ms07-016.nasl .//smb_nt_ms07-017.nasl .//smb_nt_ms07-021.nasl .//smb_nt_ms07-027.nasl .//smb_nt_ms07-029.nasl .//smb_nt_ms07-030.nasl .//smb_nt_ms07-031.nasl .//smb_nt_ms07-032.nasl .//smb_nt_ms07-033.nasl and they all suspiciously look like they might really like authentication... they all require enumeration of the registry. On 10/7/07, Klun, Jim <[EMAIL PROTECTED]> wrote: I do an automated light nessus scan on all our VPN users as they enter private space. I cannot rely on having credentials to the user's machine. MS06-040 plugin 21294 has been my test for the last year for users who are likely not-doing auto-updates - and it has proved a reliable test. The test works and invariably they do not have any form of automated patching. I am looking for a more current ( 2007 would be nice ;-) ) Microsoft vuln plugin that achieves the same - without requiring credentials. Any suggestions? James A. Klun _______________________________________________ Nessus mailing list [email protected] <mailto:[email protected]> http://mail.nessus.org/mailman/listinfo/nessus -- Doug Nordwall Unix, Network, and Security Administrator You mean the vision is subject to low subscription rates?!!? - Scott Stone, on MMORPGs _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
