Hi there We run "lite" daily scans of our server room, and in the past 4 days we've experienced 3 Win2K3 crashes on 2 different servers that occurred within 2 minutes of Nessus *finishing* the scan of them. (ie the crash occurs afterwards - not during)
There is no BSOD and no dump. The servers are just working and then they're rebooting. The servers were both Windows Server 2003 R2, with one being an ISCSI "Storage Server". According the the SysAdmin, the Storage Server was last updated in Feb (so quite a few missing patches), and the other was last patched-and-rebooted 5-6 weeks ago. The "lite" scan means I have a nessus config (can send if needed) that is merely scanning for MS-SQL issues (neither server has MS-SQL) and what MS patches are missing. It runs with full local Admin privs. It has "Safe Checks" enabled. According to nessus, the patches that were missing were: 31794: Graphic Rendering Engine bug 24336: Arbitrary code can be executed on the remote host through the MFC Neither of them sounds remotely dangerous from a nessus scan perspective. However, the box that crashed twice (Storage Server) was showing up as missing NO patches - and yet hadn't been patched since Feb. Looking at the daily scan results I now see that it appears Nessus wasn't able to do lots of checks - including dumping installs packages. So it was not reporting reality. Anyway, so the big question is: any ideas what Nessus was doing that would cause it to crash relatively up to date Win2K3-R2 servers? Thanks! -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
