While I prefer Shavlik.. WSUS is free and fits in extremely nicely in an
active directory network.
Steve Linehan wrote:
Microsoft provides several options for scanning your machines for
security patches which can be found here:
http://www.microsoft.com/technet/security/tools/default.mspx
Take a look at the section "Security Update Detection Solutions" and
find the one that best meets your environment. There are of course many
other third party tools as well.
Thanks,
-Steve
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alex Alborzfard
Sent: Friday, August 11, 2006 10:38 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Microsoft Security Bulletin MS06-041
Vulnerability in DNS Resolution Could Allow Remote Code Execution
Thanks John this is really helpful, though only for this vulnerability.
Alex
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Singler
Sent: Friday, August 11, 2006 11:22 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Microsoft Security Bulletin MS06-041
Vulnerability in DNS Resolution Could Allow Remote Code Execution
For MS06-040 you can use the tool from eeye.com to ID vulnerable
machines:
http://www.eeye.com/html/resources/downloads/audits/NetApi.html
Alex Alborzfard wrote:
What about MS06-040? I've heard it's a nasty one like blaster.
DHS has already issued a recommendation to apply this patch.
I remember using a utility tool that would list all applied patches on
a
Windows box with all kind of information.
Anyone has ever used or knows anything about it?
Alex
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan
Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: Tuesday, August 08, 2006 1:55 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Microsoft Security Bulletin MS06-041
Vulnerability
in DNS Resolution Could Allow Remote Code Execution
One of 12 today...but since it's DNS related
Microsoft Security Bulletin MS06-041 Vulnerability in DNS Resolution
Could Allow Remote Code Execution (920683):
http://www.microsoft.com/technet/security/Bulletin/MS06-041.mspx
For an attack to be successful the attacker would either have to be on
a
subnet between the host and the DNS server or force the target host to
make a DNS request to receive a specially crafted record response from
an attacking server.
(and Brett...just a FYI... in my twig forest... any attacker that ends
up on a subnet between a host and my DNS server [aka the Kitchen sink
service server] ... that attacker is dead meat and has a 2x4 aimed his
way... one advantage of being little)
Your patch folks may be calling up you AD guys for testing passes.
Workarounds:
*Block DNS related records at network gateways*
Blocking the following DNS record types at network gateways will help
protect the affected system from attempts to exploit this
vulnerability.
*
ATMA
*
TXT
*
X25
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com
If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will
hunt you down...
http://blogs.technet.com/sbs
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
