I heard this is included in SMS also, true?! Alex
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Friday, August 11, 2006 12:11 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Microsoft Security Bulletin MS06-041 Vulnerability in DNS Resolution Could Allow Remote Code Execution While I prefer Shavlik.. WSUS is free and fits in extremely nicely in an active directory network. Steve Linehan wrote: > Microsoft provides several options for scanning your machines for > security patches which can be found here: > http://www.microsoft.com/technet/security/tools/default.mspx > Take a look at the section "Security Update Detection Solutions" and > find the one that best meets your environment. There are of course many > other third party tools as well. > > Thanks, > > -Steve > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Alex Alborzfard > Sent: Friday, August 11, 2006 10:38 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] Microsoft Security Bulletin MS06-041 > Vulnerability in DNS Resolution Could Allow Remote Code Execution > > Thanks John this is really helpful, though only for this vulnerability. > > Alex > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of John Singler > Sent: Friday, August 11, 2006 11:22 AM > To: ActiveDir@mail.activedir.org > Subject: Re: [ActiveDir] Microsoft Security Bulletin MS06-041 > Vulnerability in DNS Resolution Could Allow Remote Code Execution > > For MS06-040 you can use the tool from eeye.com to ID vulnerable > machines: > > http://www.eeye.com/html/resources/downloads/audits/NetApi.html > > Alex Alborzfard wrote: > >> What about MS06-040? I've heard it's a nasty one like blaster. >> DHS has already issued a recommendation to apply this patch. >> >> I remember using a utility tool that would list all applied patches on >> > a > >> Windows box with all kind of information. >> Anyone has ever used or knows anything about it? >> >> Alex >> -----Original Message----- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] On Behalf Of Susan >> > Bradley, > >> CPA aka Ebitz - SBS Rocks [MVP] >> Sent: Tuesday, August 08, 2006 1:55 PM >> To: ActiveDir@mail.activedir.org >> Subject: [ActiveDir] Microsoft Security Bulletin MS06-041 >> > Vulnerability > >> in DNS Resolution Could Allow Remote Code Execution >> >> One of 12 today...but since it's DNS related >> >> Microsoft Security Bulletin MS06-041 Vulnerability in DNS Resolution >> Could Allow Remote Code Execution (920683): >> http://www.microsoft.com/technet/security/Bulletin/MS06-041.mspx >> >> For an attack to be successful the attacker would either have to be on >> > a > >> subnet between the host and the DNS server or force the target host to >> > > >> make a DNS request to receive a specially crafted record response from >> > > >> an attacking server. >> >> (and Brett...just a FYI... in my twig forest... any attacker that ends >> > > >> up on a subnet between a host and my DNS server [aka the Kitchen sink >> service server] ... that attacker is dead meat and has a 2x4 aimed his >> > > >> way... one advantage of being little) >> >> Your patch folks may be calling up you AD guys for testing passes. >> >> Workarounds: >> >> *Block DNS related records at network gateways* >> >> Blocking the following DNS record types at network gateways will help >> protect the affected system from attempts to exploit this >> > vulnerability. > >> * >> >> ATMA >> >> * >> >> TXT >> >> * >> >> X25 >> > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ml/threads.aspx > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ml/threads.aspx > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ml/threads.aspx > > -- Letting your vendors set your risk analysis these days? http://www.threatcode.com If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you down... http://blogs.technet.com/sbs List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
