[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] RE: Probable new MS DCOM RPC worm for Windo ws
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: RE: [Full-Disclosure] RE: Probable new MS DCOM RPC worm for Windo ws
- From: "Randal, Phil" <prandal@xxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 26 Sep 2003 16:20:59 +0100
Why not? Easy enough to check in a login script if you're using something
like Kixtart (www.kixtart.org).
Cheers,
Phil
---------------------------------------------
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -----Original Message-----
> From: Schmehl, Paul L [mailto:pauls@xxxxxxxxxxxx]
> Sent: 26 September 2003 15:33
> To: full-disclosure@xxxxxxxxxxxxxxxx
> Subject: RE: [Full-Disclosure] RE: Probable new MS DCOM RPC worm for
> Windo ws
>
>
> > -----Original Message-----
> > From: Gary Flynn [mailto:flynngn@xxxxxxx]
> > Sent: Friday, September 26, 2003 8:06 AM
> > To: 'full-disclosure@xxxxxxxxxxxxxxxx'
> > Subject: Re: [Full-Disclosure] RE: Probable new MS DCOM RPC
> > worm for Windo ws
> >
> >
> > I would think a better way of determining if a patch is
> > actually installed on a system is by examining the files on
> > the system rather than to depend upon symptoms (scanners) or
> > installation logs (registry entries).
>
> True, but *I'm* not going to physically touch (or even
> virtually touch)
> 2000+ machines looking at file properties. Are you?
>
> Paul Schmehl (pauls@xxxxxxxxxxxx)
> Adjunct Information Security Officer
> The University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu/~pauls/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html