[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] RE: Probable new MS DCOM RPC worm for Windo ws

To: "Schmehl, Paul L" <pauls@xxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] RE: Probable new MS DCOM RPC worm for Windo ws
From: Gary Flynn <flynngn@xxxxxxx>
Date: Fri, 26 Sep 2003 11:51:10 -0400

Schmehl, Paul L wrote:

-----Original Message----- From: Gary Flynn [mailto:flynngn@xxxxxxx] Sent: Friday, September 26, 2003 8:06 AM To: 'full-disclosure@xxxxxxxxxxxxxxxx' Subject: Re: [Full-Disclosure] RE: Probable new MS DCOM RPC worm for Windo ws

I would think a better way of determining if a patch is actually installed on a system is by examining the files on the system rather than to depend upon symptoms (scanners) or installation logs (registry entries).
True, but *I'm* not going to physically touch (or even virtually touch)
2000+ machines looking at file properties.  Are you?


No. But I might touch 5-10 that claim to be patched but
seem to still be vulnerable. :)

--
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- RE: [Full-Disclosure] RE: Probable new MS DCOM RPC worm for Windo ws
  - From: Schmehl, Paul L

Prev by Date: RE: [Full-Disclosure] RE: Probable new MS DCOM RPC worm for Windo ws
Next by Date: [Full-Disclosure] Swen
Previous by thread: RE: [Full-Disclosure] RE: Probable new MS DCOM RPC worm for Windo ws
Next by thread: RE: [Full-Disclosure] RE: Probable new MS DCOM RPC worm for Windo ws
Index(es):
- Date
- Thread