Educause Security Discussion mailing list archives

Re: Vulnerability scanner for MS05-039

From: Robert Kerr <r.kerr () CRANFIELD AC UK>
Date: Wed, 17 Aug 2005 11:04:01 +0100

On Tue, 2005-08-16 at 14:17 -0500, Graham Toal wrote:

David Taylor wrote:

Great tool!  Thanks for the work you did on this and a special thanks in
sharing.  I scanned 4 Class B networks with it today!  Fast and seems to be
pretty accurate!

I have a *lot* of these:

445 MS04-007 SECURE:MS04-011 SECURE:MS05-039 INCONCLUSIVE [0000f203]

Any ideas what the Inconclusive means in that context?  They're all XPs.
Some of themmay not have rebooted yet despite already having received the
 patch.
(We pushed out the updates last week using SMS)


To exploit this vulnerability with XP SP1 or above valid logon
credentials are required:

 http://www.microsoft.com/technet/security/advisory/899588.mspx

Seeing as the scanner doesn't have valid logon credentials it's not
possible for it to determine for sure whether such machines are patched
or not. At least that's my understanding.

--
 Robert Kerr

Current thread:

Vulnerability scanner for MS05-039 Chris Russel (Aug 16)
- <Possible follow-ups>
- Re: Vulnerability scanner for MS05-039 David Taylor (Aug 16)
- Re: Vulnerability scanner for MS05-039 Graham Toal (Aug 16)
- Re: Vulnerability scanner for MS05-039 Robert Kerr (Aug 17)
- Re: Vulnerability scanner for MS05-039 Chris Russel (Aug 17)
- Re: Vulnerability scanner for MS05-039 Tom Bossie (Aug 17)