..and plant that flag and get it raised.
You cannot protect what is not managed.
Alex Alborzfard wrote:
Yes I'm aware of both tools. WSUS requires dedicated server and
configuration.
MBSA doesn't list installed patches, date of application, versions, etc.
It basically tells you what is missing.
I was talking about a tool that I can run from my PC, which I have used
in the past. I think you could also remove the patch or roll it back
right from the interface. For some reason I thought it was Windows
Defender, but I installed it and it doesn't have that capability.
No I'm not managing patching in our networks...well not yet anyway!
I'm just trying to raise the flags, so to speak.
Alex
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: Friday, August 11, 2006 11:53 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Microsoft Security Bulletin MS06-041
Vulnerability in DNS Resolution Could Allow Remote Code Execution
E-Bitz - SBS MVP the Official Blog of the SBS "Diva" : The threats and
risk level today:
http://msmvps.com/blogs/bradley/archive/2006/08/10/107303.aspx
Alun's "Holy Crap" post:
Tales from the Crypto : How do I rate today's patches?:
http://msmvps.com/blogs/alunj/archive/2006/08/08/107097.aspx
MBSA -http://www.microsoft.com/technet/security/tools/mbsahome.mspx
WSUS -
http://www.microsoft.com/windowsserversystem/updateservices/default.mspx
You are managing patching in your networks now right?
Alex Alborzfard wrote:
Thanks John this is really helpful, though only for this
vulnerability.
Alex
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Singler
Sent: Friday, August 11, 2006 11:22 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Microsoft Security Bulletin MS06-041
Vulnerability in DNS Resolution Could Allow Remote Code Execution
For MS06-040 you can use the tool from eeye.com to ID vulnerable
machines:
http://www.eeye.com/html/resources/downloads/audits/NetApi.html
Alex Alborzfard wrote:
What about MS06-040? I've heard it's a nasty one like blaster.
DHS has already issued a recommendation to apply this patch.
I remember using a utility tool that would list all applied patches
on
a
Windows box with all kind of information.
Anyone has ever used or knows anything about it?
Alex
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan
Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: Tuesday, August 08, 2006 1:55 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Microsoft Security Bulletin MS06-041
Vulnerability
in DNS Resolution Could Allow Remote Code Execution
One of 12 today...but since it's DNS related
Microsoft Security Bulletin MS06-041 Vulnerability in DNS Resolution
Could Allow Remote Code Execution (920683):
http://www.microsoft.com/technet/security/Bulletin/MS06-041.mspx
For an attack to be successful the attacker would either have to be
on
a
subnet between the host and the DNS server or force the target host
to
make a DNS request to receive a specially crafted record response
from
an attacking server.
(and Brett...just a FYI... in my twig forest... any attacker that
ends
up on a subnet between a host and my DNS server [aka the Kitchen sink
service server] ... that attacker is dead meat and has a 2x4 aimed
his
way... one advantage of being little)
Your patch folks may be calling up you AD guys for testing passes.
Workarounds:
*Block DNS related records at network gateways*
Blocking the following DNS record types at network gateways will help
protect the affected system from attempts to exploit this
vulnerability.
*
ATMA
*
TXT
*
X25
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com
If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will
hunt you down...
http://blogs.technet.com/sbs
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx