[unisog] MSBlast and McAfee AV

David Kennedy CISSP david.kennedy at acm.org
Tue Aug 12 19:00:22 GMT 2003


At 11:16 AM 8/12/03 -0500, Juvinall Peter Stanley wrote:

>Where we got stuck at was I made a concerted effort to get all
>faculty/staff machines updated a couple of weeks go.  I pushed out
>windows update via a GPO and thought that took care of it.  Many of the
>machines had a lower service pack on them and the GPO does not update
>the service pack, just relevant hotfixes.  The patch in question needs
>at least SP2 on Windows 2000 in order to work, if it's not there it
>won't install.  Some machines didn't have that and those were the ones
>that got attacked.

Russ Cooper has an XML file that can be used with HFNetchk/MBSA to push the
patch down onto 2K/SP2 boxen, here's the snip from his message to NTBugtraq:

>
>Modified MSSecure.XML file to use with HFNetchk/MBSA to detect Windows
2000 SP2 installations without the patch:
>http://www.ntbugtraq.com/LovSAN-W2KSP2.asp
>
>

Full message is at:
http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0308&L=ntbugtraq&F=P
&S=&P=3743


also posted to list:  

>Date:         Tue, 12 Aug 2003 02:10:11 -0500
>Reply-To:     Windows NTBugtraq Mailing List
<NTBUGTRAQ at LISTSERV.NTBUGTRAQ.COM>
>Sender:       Windows NTBugtraq Mailing List
<NTBUGTRAQ at LISTSERV.NTBUGTRAQ.COM>
>From:         "Schmidt, Tobias E" <tschmidt at WINONA.EDU>
>Subject: GPO blaster scripts --
http://www.winona.edu/its/downloads/msblast.htm
>To:           NTBUGTRAQ at LISTSERV.NTBUGTRAQ.COM
>
>http://www.winona.edu/its/downloads/msblast.htm
> 
>For those of you suffering and have a solid understanding of AD and
>group policy, these two scripts can help ease your pain.  It should kill
>the virus long enough to get it patched.
> 
>Tobias Schmidt
>Winona State University
>

HTH.

-- 
Regards,
                                          /"\
David Kennedy CISSP                       \ / ASCII Ribbon Campaign
Protect what you connect;                  X  Against HTML Mail
Look both ways before crossing the Net.   / \



More information about the unisog mailing list