Robert,
If you look at
Microsoft's bulletin (http://www.microsoft.com/technet/security/bulletin/fq99-025.asp) they
specify that among other things you should delete the vbbusobj.dll file if you
require RDS on your server.
Can we make the
assumption that we will reduce false positives and not false negatives if we
check for both files before generating a warning?
We have created a
new version of msadcs_dll.nasl that only generates a positive if both files are
present. Also, the vulnerability description on this plugin needs some
updating.
We expect to submit
this modified script on Monday. We have found some timing issues and
now that Renaud is picky with plugin modifications I'm not sure if he'll accept
it. ;o)
Thanks,
Brad Caldwell
SecurityMetrics
(801)724-9600
(801)724-9600
(801)724-9700 fax
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Alvey Robert W KPWA
Sent: Friday, December 13, 2002 2:46 PM
To: [EMAIL PROTECTED]
Subject: RDS / MSDACS Nessus Scan...I heard that the recent RDS/MSDACS vulnerability had a patch out (MS0-065 I think was the one) that didn't fix the problem for good, only a temp fix. Now Microsoft has released the next cumulative patch for IE (Q324929) which includes the MSDACS fix, and I was wondering if anyone knew if that fix worked on a more permanent basis? I applied the patch and then ran a scan using the two plugins that go through port 80 to find the file, and they pick up the file and label it as vulnerable, however they only look for the file, not check to see if it's still exploitable, so I'm still not sure if the new patch works or not.
Robert Alvey
Code 19, Apprentice
(360) 315-3159
A+ Certified, CFOI
