Re: Windows Patch Auditing & "File and Print Sharing" disabled

[Christian Eric Edjenguele <christian.edjenguele () owasp org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Have you tried OpenVAS ?
Please note that it's also possible to retrieve such update via snmp,
with snmpwalk, I think snmp is enabled by default on windows machine, I
don't remember.

Mike Drugov wrote:
> Alright
>
> List of tools that failed
>
> Nessus
> FoundStone
> GFI
> MBSA
>
>
> Please keep in mind that on remote nodes "Windows Update Service" is disabled and stopped as well as "Client for File 
> & Print Sharing" is uninstalled
>
> I think my last resort will be to run WMI scripts pull up a list of installed updates and correlate with MS database
>
>
>
>
>
> > > > "Mike Drugov" <DRUGOVM () nychhc org> 4/30/2009 1:41 PM >>>
> Will it work with File & Print Sharing disabled?
>
> > > > eek hmm <eek3hmm () gmail com> 4/30/2009 1:39 PM >>>
> GFI LanGuard will work.
> http://www.gfi.com/lannetscan/?adv=675&loc=1 
>
>
> On 4/30/09 11:01 AM, "Mike Drugov" <DRUGOVM () nychhc org> wrote:
>
>
> > Hello list,
>
>
> > I need some advise
>
>
> > I'm trying to scan a Windows Network where all end nodes except Domain
>
> > Controller have "File & Print Sharing" disabled.
>
>
> > What I'm trying to get a list of Microsoft Updates that are missing.
>
>
>
> > So far I tried Nessus & Foundstone and none of them are able to provide a
>
> > report with missing patches.(I'm able to get a report from Domain
> Controller)
>
>
> > Nessus support stated that "File & Print Sharing" is required for patch
>
> > auditing
>
>
>
> > What is my other options?
>
>
> > Thanks
>
>
>
> > -----------------------------------------
>
> > Visit www.nyc.gov/hhc 
>
>
> > CONFIDENTIALITY NOTICE: The information in this E-Mail may be
>
> > confidential and may be legally privileged. It is intended solely
>
> > for the addressee(s). If you are not the intended recipient, any
>
> > disclosure, copying, distribution or any action taken or omitted to
>
> > be taken in reliance on this e-mail, is prohibited and may be
>
> > unlawful. If you have received this E-Mail message in error, notify
>
> > the sender by reply E-Mail and delete the message.
>
>
> > ------------------------------------------------------------------------
>
> > This list is sponsored by: InfoSec Institute
>
>
> > Tired of using other people's tools? Why not learn how to write your own
>
> > exploits?
>
> > InfoSec Institute's Advanced Ethical Hacking class teaches you how to
> write
>
> > stack and heap buffer overflow exploits for Windows and Linux. Gain your
>
> > Certified Expert Penetration Tester (CEPT) cert as well.
>
>
> http://www.infosecinstitute.com/courses/advanced_ethical_hacking_training.html 
>
> > ------------------------------------------------------------------------
>
>
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: InfoSec Institute
>
> Tired of using other people's tools? Why not learn how to write your own exploits?
> InfoSec Institute's Advanced Ethical Hacking class teaches you how to write stack and heap buffer overflow exploits 
> for Windows and Linux. Gain your Certified Expert Penetration Tester (CEPT) cert as well.
>
> http://www.infosecinstitute.com/courses/advanced_ethical_hacking_training.html 
> ------------------------------------------------------------------------
>
>
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: InfoSec Institute
>
> Tired of using other people's tools? Why not learn how to write your own exploits? 
> InfoSec Institute's Advanced Ethical Hacking class teaches you how to write stack and heap buffer overflow exploits 
> for Windows and Linux. Gain your Certified Expert Penetration Tester (CEPT) cert as well. 
>
> http://www.infosecinstitute.com/courses/advanced_ethical_hacking_training.html
> ------------------------------------------------------------------------


- --
Christian Eric Edjenguele
IT Security Software Engineer / IT Enterprise Software Architect
Mobile (IT): +39 3408580513
PGP KeyID: 0xB1654498
Key Server: http://pgp.mit.edu
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.9 (GNU/Linux)

mQENBEmka7IBCAC5e8/9BlCZR/3XHMO4DWHYoewaODmQypHqPaCfKR+BLTAy8xLZ
eVJ0wwNwaLheZeLPfBqu3r/lp58xJhgYHm9gzihfqPbmJh4Dibc/d2XL9UQ1eshs
K0JkTlvZtdK5Zo5VmeOZCWlKEMXzlg6HjuYUV4qokqD3qIj6/rhubjtrjlw/XA8P
6pGOFhsDZFXbn+lj80XhRdkObMnmWU6wdgJvEPx1vxvhV9D1sJgZz6FVoXAfTOb3
EjYpluEKdDod46hhF45UJ4Avc8q4DaXxmci5Kdx9rzF2tbvB3Ua6O7l5RaMGNZR2
QtVY65xVxRfAYF+yE3n+YkFQxWGlqVIajry/ABEBAAG0WkNocmlzdGlhbiBFcmlj
IEVESkVOR1VFTEUgKElUIFNlY3VyaXR5IFNvZnR3YXJlIEVuZ2luZWVyKSA8Y2hy
aXN0aWFuLmVkamVuZ3VlbGVAb3dhc3Aub3JnPokBNgQTAQIAIAUCSaRrsgIbAwYL
CQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJENETScWxZUSYS9QH+gOpYUPkon/D/eNm
RLCbTaqJhSV6jRH9t+pomm6FiYgphCxDW96OpzA9BieiFEPHhVXAFcHkEBMlk/u0
wILqDNfBoZk3oCq0+/+Zc7z0zRZfgMHwB4czpqhUCrINEjLO0rb2Jff6Hh0C5S9w
8l+x9IiOG9hHNO8ftVr1sNHGDTAWNNZ+pcCt5ROhqiiqnZsvowO1TcDMKEGD9NTW
BN+jLFGZRY9/MQsUkWoXBQ8K5S9AP1EPPbSTX68VTj0vINLTk2/XfsJlV9Vd9b7G
NkhbAdrvujbqLHDSE3ALpx8sWKg2vPCUAxJJY6S6danpw/XPGKkpcSNfqn4k8sCV
e+9MJSu5Ag0ESaRthQEQALEj8eO2WCRqhOHakHhpvGQ4tFEIDS6Z3mnBaNaMc9VM
i89LNYvJOgOSnWvIu8EF6Ah+PnhOayb9E3wvH+0nfOwzp6XhDor7h8WLQNL+qzk3
cPxkxdfNDaQdyJclstUqa0nIaPOJgbIRs12N6bCxhAeOKffIkrIdDqjxshTI3S3z
fq7choduX8tNHoFzIIl6T+4Q0QXMT8xu5MeBHr+vxlgqNUTWOQn6Q/B6QnrVzWDA
gEq4Id45vN4j18iXGqMy8/xWQg3kRHaU563zx8u+7cjV81feMDbQiC6p6nqQHsD4
U07JIVDqjbJESLdeqju6HsNzYKohi/gxhsgouPXdFTrfgkWCklAGwqT7QE0ZnL/t
SVC0xpmCLneXAxWGGo27zJKVJ1/iMUgi/i4R+u2K4eQbsBXXYwh0gSxwYReTyr+C
51ugKkvYjTy+U2Fedq3lXEVtnRV02zpO/LlpJR446jRAapVH+ZF9tGMoIHg5hATZ
KEzGw9x19/wQSRumTvV0HAQ0lqWW9/0n2VuwI/Sh7YHQ2j/DhyF0blFrooGyIxd2
x5+Xu1PWlYwlUbu7ZsOw1V9cqL5yv5m+w4mL+h8ytHJHHL2Cg8/3qp/QxLT7CnfX
fOHAjNxGkS/QfoxEhuSwigPi/Yd51wHcaOLyUdGceOZ79ciQtPgvCFdyrDrfDhSr
ABEBAAGJAR8EGAECAAkFAkmkbYUCGwwACgkQ0RNJxbFlRJhbLAgAsCBA7KmGkTmQ
mjPNA7Iig8tA5S9fYavbKydNQNxPpL47GLf9V3la4P2/LPLa3rH31Bt+ScfSqAKC
5/geB5BKwmQqRomsQpjhmrpBenPjYrUYG2dEB/BOMvOyvr3dTpWtAg5CwYYnHTNy
yJn7dc7whiE94ZxqFdt58K0H5/H449/VHuCJue+uzy0ldrTK8VVpK6uGgrJc5kre
2bpdGVbALpC+yeNMyXCqgGigg9gu1iHXSSGgbQfW+AhsFpiN37fPq8zDNU2C8sp3
4Y45EYRmRCZ+0a9WSRnYALRZFdvjysKfRjP3o4Ax/d4cSi6v2pT93yfoA2TQMkLF
E1MQObpE5A==
=7VGF
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBAgAGBQJJ+ga2AAoJENETScWxZUSYzA8H/jlYbGMeELFfqPjauMKC0Jk+
hagmvkDWyicElV9sQLGlBFukKcIuyEaewdLJ8PuqiUTHVOVreuz3yfCfOro1hlvb
zRG2ob24YPV/gQjPQklmqJkAOkGVvU/CpdahqmujuZ3mxyZXe93nihFsKJivbK91
p+6BtX5THY4ppzQCJHiL/WFo3WWqHGKZFWfCmCQpUGgGI0+WcwZ4BLGyYZPkk/N/
PfRK+TS1GK9nBv1HjfGbL9/e18eDtkv0rJqeT0OTRhGQLh/7nEDxeHGXyuafRQ3i
5SK0RdHpak+oxvo06+bz8B/EKa84REKDdYt+7dtSdrwOUZfMZZ/5AJM1j65Yydg=
=UIs3
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Tired of using other people's tools? Why not learn how to write your own exploits? 
InfoSec Institute's Advanced Ethical Hacking class teaches you how to write stack and heap buffer overflow exploits for 
Windows and Linux. Gain your Certified Expert Penetration Tester (CEPT) cert as well. 

http://www.infosecinstitute.com/courses/advanced_ethical_hacking_training.html
------------------------------------------------------------------------