[unisog] Scanner for MS03-049?

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Thu Nov 20 02:58:08 GMT 2003


On Thu, 20 Nov 2003 10:44:54 +1300, Russell Fulton said:

> Hmmm... I wonder if MS would be prepared (for future vulnerabilities
> like this) to try and change something non critical in the response of
> patched system so that one can easily tell if the system has been
> patched.

Well, the obvious solution is to provide a fullword mask of "patch installed"
bits available via a network query.  Of course, even a 64-bit mask would
run out in about a year at MS's current rate.

And then of course, you have the 'broken patch' issue - it would allow an
attacker to find out "Oh, bit 19 is on, so MS0X-XX is installed, but bit 23 is
off, so they haven't patched the additional vulnerabilities yes"....

Might as well try to get MS to properly support RFC3514.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20031119/08d7fa1e/attachment-0003.bin


More information about the unisog mailing list