MS03-026 (823980) Scanning Tool Available

  • Thread starter Jerry Bryant [MSFT]
  • Start date
J

Jerry Bryant [MSFT]

The following tool has just been released:

Microsoft has released a KB 823980 Scanning Tool (KB823980scan.exe) that can
be used to scan networks to identify host computers that do not have the
823980 security patch (MS03-026) installed. For additional information about
the 823980 security patch (MS03-026), click the following article number to
view the article in the Microsoft Knowledge
Base:
823980 MS03-026: Buffer Overrun in RPC Interface May Allow Code Execution
http://support.microsoft.com/default.aspx?scid=kb;en-us;823980


For additional information about a new worm virus that tries to exploit
the DCOM RPC vulnerability that is fixed by the 823980 security patch
(MS03-026), click the following article number to view the article in
the Microsoft Knowledge Base:
826955 Virus Alert About the W32.Blaster.Worm Worm
http://support.microsoft.com/default.aspx?scid=KB;EN-US;826955

Download location:
http://microsoft.com/downloads/deta...6C-B71B-4992-91F1-AAA785E709DA&displaylang=en

The MS03-026 bulletin is being updated now as well.

--
Regards,

Jerry Bryant - MCSE, MCDBA
Microsoft IT Communities

Get Secure! www.microsoft.com/security


This posting is provided "AS IS" with no warranties, and confers no rights.
 
L

LuckyStrike

Thanks for the two links/updates on the "hub-bub" of the last few days.

Regards,
LuckyStrike
(e-mail address removed)
 
A

Andrew

ANSWER TO KB823980Scan patch rollout !!

Tools required

The best tool is a GUI version from www.eeye.com !!! GET IT !!

psexec.exe http://www.sysinternals.com
srvinfo.exe http://www.petri.co.il/download_free_reskit_tools.htm
scansms.exe http://www.iss.net/support/product_utilities/ms03-026rpc.php
OR the microsoft DOS command-line scanner
http://support.microsoft.com/support/misc/kblookup.asp?ID=826369

All this needs is a list of IP addresses to go through and PATCH. I
have been patching my systems all week using SCANMS.EXE and sending
the output to a file, which I then load into excel and save.

The Microsoft one does this for me ! so I just need to run it and I
have a list of unpatched IP, I then simply use the attached 2 batch
files.

I have been developing all week, and I'm sure this is not the best
script in the world so modify as required.

*** PLEASE NOTE THOSE ON GOOGLE GROUPS MAY NEED TO AMMEND AS LINES GET
CUT ***

The rollout.cmd need to have a domain admin acount AND password
entered and save

-------rollout.cmd-------------
if {%1}=={} (echo Usage: rollout filename.txt)
for /f "eol=; Tokens=*" %%i in (%1) do psexec \\%%i -u
domainanme\username -p password -c \\server\netlogon\update.cmd
-----------------------------------------

-------------update.cmd----------------------------
if exist "c:\documents and settings" goto 2kmachine

copy \\server\share\pskill.exe c:\
c:\pskill nt40.exe
copy \\server\share\fix\updated.txt c:\
copy \\server\share\fix\nt40.exe c:\
c:\nt40.exe -m -q
goto EOF

:2kmachine
copy \\server\share\srvinfo.exe c:\winnt /y
for /F %%q in ('SrvInfo -ns^| find /c "Build: 2195, ServicePack 2"')
do if %%q==0 goto notsp
copy \\server\share\srvinfo.exe c:\winnt /y
copy \\server\share\fix\updated.txt c:\
copy \\server\share\fix\w2k.exe c:\
c:\w2k.exe -q -u

:notsp
srvinfo -ns >\\server\dir\%computername%.txt

:EOF
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top