Yes I'm aware of both tools. WSUS requires dedicated server and configuration. MBSA doesn't list installed patches, date of application, versions, etc. It basically tells you what is missing. I was talking about a tool that I can run from my PC, which I have used in the past. I think you could also remove the patch or roll it back right from the interface. For some reason I thought it was Windows Defender, but I installed it and it doesn't have that capability.
No I'm not managing patching in our networks...well not yet anyway! I'm just trying to raise the flags, so to speak. Alex -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Friday, August 11, 2006 11:53 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Microsoft Security Bulletin MS06-041 Vulnerability in DNS Resolution Could Allow Remote Code Execution E-Bitz - SBS MVP the Official Blog of the SBS "Diva" : The threats and risk level today: http://msmvps.com/blogs/bradley/archive/2006/08/10/107303.aspx Alun's "Holy Crap" post: Tales from the Crypto : How do I rate today's patches?: http://msmvps.com/blogs/alunj/archive/2006/08/08/107097.aspx MBSA -http://www.microsoft.com/technet/security/tools/mbsahome.mspx WSUS - http://www.microsoft.com/windowsserversystem/updateservices/default.mspx You are managing patching in your networks now right? Alex Alborzfard wrote: > Thanks John this is really helpful, though only for this vulnerability. > > Alex > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of John Singler > Sent: Friday, August 11, 2006 11:22 AM > To: ActiveDir@mail.activedir.org > Subject: Re: [ActiveDir] Microsoft Security Bulletin MS06-041 > Vulnerability in DNS Resolution Could Allow Remote Code Execution > > For MS06-040 you can use the tool from eeye.com to ID vulnerable > machines: > > http://www.eeye.com/html/resources/downloads/audits/NetApi.html > > Alex Alborzfard wrote: > >> What about MS06-040? I've heard it's a nasty one like blaster. >> DHS has already issued a recommendation to apply this patch. >> >> I remember using a utility tool that would list all applied patches on >> > a > >> Windows box with all kind of information. >> Anyone has ever used or knows anything about it? >> >> Alex >> -----Original Message----- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] On Behalf Of Susan >> > Bradley, > >> CPA aka Ebitz - SBS Rocks [MVP] >> Sent: Tuesday, August 08, 2006 1:55 PM >> To: ActiveDir@mail.activedir.org >> Subject: [ActiveDir] Microsoft Security Bulletin MS06-041 >> > Vulnerability > >> in DNS Resolution Could Allow Remote Code Execution >> >> One of 12 today...but since it's DNS related >> >> Microsoft Security Bulletin MS06-041 Vulnerability in DNS Resolution >> Could Allow Remote Code Execution (920683): >> http://www.microsoft.com/technet/security/Bulletin/MS06-041.mspx >> >> For an attack to be successful the attacker would either have to be on >> > a > >> subnet between the host and the DNS server or force the target host to >> > > >> make a DNS request to receive a specially crafted record response from >> > > >> an attacking server. >> >> (and Brett...just a FYI... in my twig forest... any attacker that ends >> > > >> up on a subnet between a host and my DNS server [aka the Kitchen sink >> service server] ... that attacker is dead meat and has a 2x4 aimed his >> > > >> way... one advantage of being little) >> >> Your patch folks may be calling up you AD guys for testing passes. >> >> Workarounds: >> >> *Block DNS related records at network gateways* >> >> Blocking the following DNS record types at network gateways will help >> protect the affected system from attempts to exploit this >> > vulnerability. > >> * >> >> ATMA >> >> * >> >> TXT >> >> * >> >> X25 >> > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ml/threads.aspx > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ml/threads.aspx > > -- Letting your vendors set your risk analysis these days? http://www.threatcode.com If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you down... http://blogs.technet.com/sbs List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx