Microsoft provides several options for scanning your machines for security patches which can be found here: http://www.microsoft.com/technet/security/tools/default.mspx Take a look at the section "Security Update Detection Solutions" and find the one that best meets your environment. There are of course many other third party tools as well.
Thanks, -Steve -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Alborzfard Sent: Friday, August 11, 2006 10:38 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Microsoft Security Bulletin MS06-041 Vulnerability in DNS Resolution Could Allow Remote Code Execution Thanks John this is really helpful, though only for this vulnerability. Alex -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Singler Sent: Friday, August 11, 2006 11:22 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Microsoft Security Bulletin MS06-041 Vulnerability in DNS Resolution Could Allow Remote Code Execution For MS06-040 you can use the tool from eeye.com to ID vulnerable machines: http://www.eeye.com/html/resources/downloads/audits/NetApi.html Alex Alborzfard wrote: > What about MS06-040? I've heard it's a nasty one like blaster. > DHS has already issued a recommendation to apply this patch. > > I remember using a utility tool that would list all applied patches on a > Windows box with all kind of information. > Anyone has ever used or knows anything about it? > > Alex > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, > CPA aka Ebitz - SBS Rocks [MVP] > Sent: Tuesday, August 08, 2006 1:55 PM > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] Microsoft Security Bulletin MS06-041 Vulnerability > in DNS Resolution Could Allow Remote Code Execution > > One of 12 today...but since it's DNS related > > Microsoft Security Bulletin MS06-041 Vulnerability in DNS Resolution > Could Allow Remote Code Execution (920683): > http://www.microsoft.com/technet/security/Bulletin/MS06-041.mspx > > For an attack to be successful the attacker would either have to be on a > > subnet between the host and the DNS server or force the target host to > make a DNS request to receive a specially crafted record response from > an attacking server. > > (and Brett...just a FYI... in my twig forest... any attacker that ends > up on a subnet between a host and my DNS server [aka the Kitchen sink > service server] ... that attacker is dead meat and has a 2x4 aimed his > way... one advantage of being little) > > Your patch folks may be calling up you AD guys for testing passes. > > Workarounds: > > *Block DNS related records at network gateways* > > Blocking the following DNS record types at network gateways will help > protect the affected system from attempts to exploit this vulnerability. > > * > > ATMA > > * > > TXT > > * > > X25 List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
