lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
From: R.Ferris at (Ferris, Robin)
Subject: RE: Probable new MS DCOM RPC worm for Windo

I have not yet verified if the files were installed or not and thats a very
good point. I didnt and still dont know what files it changed or installed
for the ms03-026. What are they?

However the eeye scanner has always proved to be correct thus far, in all
the cases that I have tried it on. As we use a standard image here it would
be odd that the patch is "ineffective" in that configuration (PATH?) I think
it is because the patch as has been noted is not always effective. 


-----Original Message-----
From: Gary Flynn []
Sent: 26 September 2003 14:06
To: ''
Subject: Re: [Full-Disclosure] RE: Probable new MS DCOM RPC worm for
Windo ws

I would think a better way of determining if a patch is actually
installed on a system is by examining the files on the system rather
than to depend upon symptoms (scanners) or installation logs (registry

If the add/remove software control panel, registry, or
msi say the machine is patched but the files aren't
there, an installation problem occurred.

If the scanners say the machine is not patched but the
files are there then either the patch is ineffective in
that machine's particular configuration (PATH?) or the
scanner is generating a false positive.

Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.

Full-Disclosure - We believe in it.

Powered by blists - more mailing lists