New RPC Vulnerability -> SCANMS false positive

Steve Bernard sbernard at
Wed Sep 10 22:51:18 GMT 2003

FYI, after applying the new RPC patches (MS03-039), ISS's 'scanms.exe' tool
flags hosts as being vulnerable to the previous RPC vulnerability
(MS03-036). I haven't seen an updated version of 'scanms' yet. The new
signatures from E-Eye seem to work well.



-----Original Message-----
From: Gary Flynn [mailto:flynngn at]
Sent: Wednesday, September 10, 2003 4:58 PM
Cc: unisog at
Subject: Re: [unisog] New (No kidding) RPC Vulnerability

Dax wrote:

> 	Sadly, I can't even come up with something quick and witty to
> say, thanks to my slack-jawed state of disbelief...
> 	Sooo...good job patching for Blaster everyone...Next!

And just to avoid confusion, it IS a new defect:

The patch fixes both the old and new defects. Doesn't look as
easy to exploit but there is a lot of attention being paid
to it. :(

Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.

More information about the unisog mailing list