[unisog] New (No kidding) RPC Vulnerability

Jeff Godin jeff at tcnet.org
Wed Sep 10 22:48:44 GMT 2003


On Wed, Sep 10, 2003 at 05:07:19PM -0400, STeve Andre' wrote:
> 
[snip]
> Beware: apparently some scanning tools think that a system
> is vulnerable to MS03-026 when MS03-039 has been applied.
> I have no distinct details on this, but have heard it from two
> sources, one whom I know and trust.

Microsoft acknowledges this, and warns people of the issue in 
http://www.microsoft.com/technet/security/bulletin/MS03-039.asp under
the heading "Technical Details / Technical Description:" 

excerpted from the url above:
> If the tool provided in Microsoft Knowledge Base Article 826369 is
> used against a system which has installed the security patch
> provided with this bulletin, the superseded tool will incorrectly
> report that the system is missing the patch provided in MS03-026.
> Microsoft encourages customers to run the latest version of the tool
> available in Microsoft Knowledge Base article 827363 to determine if
> their systems are patched. 

So yes, as you say... Beware. 

-jeff

-- 
Jeff Godin
Network Specialist
Traverse Area District Library / Traverse Community Network
jeff at tcnet.org



More information about the unisog mailing list