Full Disclosure mailing list archives

Re: RE: Probable new MS DCOM RPC worm for Windows


From: Gary Flynn <flynngn () jmu edu>
Date: Fri, 26 Sep 2003 11:51:10 -0400



Schmehl, Paul L wrote:

-----Original Message-----
From: Gary Flynn [mailto:flynngn () jmu edu]
Sent: Friday, September 26, 2003 8:06 AM
To: 'full-disclosure () lists netsys com'
Subject: Re: [Full-disclosure] RE: Probable new MS DCOM RPC worm for Windows


I would think a better way of determining if a patch is actually installed on a system is by examining the files on the system rather than to depend upon symptoms (scanners) or installation logs (registry entries).


True, but *I'm* not going to physically touch (or even virtually touch)
2000+ machines looking at file properties.  Are you?

No. But I might touch 5-10 that claim to be patched but
seem to still be vulnerable. :)

--
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

