[unisog] MSBlast and McAfee AV

David Kennedy CISSP david.kennedy at acm.org
Tue Aug 12 19:00:22 GMT 2003

At 11:16 AM 8/12/03 -0500, Juvinall Peter Stanley wrote:

>Where we got stuck at was I made a concerted effort to get all
>faculty/staff machines updated a couple of weeks go.  I pushed out
>windows update via a GPO and thought that took care of it.  Many of the
>machines had a lower service pack on them and the GPO does not update
>the service pack, just relevant hotfixes.  The patch in question needs
>at least SP2 on Windows 2000 in order to work, if it's not there it
>won't install.  Some machines didn't have that and those were the ones
>that got attacked.

Russ Cooper has an XML file that can be used with HFNetchk/MBSA to push the
patch down onto 2K/SP2 boxen, here's the snip from his message to NTBugtraq:

>Modified MSSecure.XML file to use with HFNetchk/MBSA to detect Windows
2000 SP2 installations without the patch:

Full message is at:

also posted to list:  

>Date:         Tue, 12 Aug 2003 02:10:11 -0500
>Reply-To:     Windows NTBugtraq Mailing List
>Sender:       Windows NTBugtraq Mailing List
>From:         "Schmidt, Tobias E" <tschmidt at WINONA.EDU>
>Subject: GPO blaster scripts --
>For those of you suffering and have a solid understanding of AD and
>group policy, these two scripts can help ease your pain.  It should kill
>the virus long enough to get it patched.
>Tobias Schmidt
>Winona State University


David Kennedy CISSP                       \ / ASCII Ribbon Campaign
Protect what you connect;                  X  Against HTML Mail
Look both ways before crossing the Net.   / \

More information about the unisog mailing list