> >http://www.iss.net/support/product_utilities/ms03-026rpc.php > >Be sure to read the page. It isn't 100% accurate. > Scanms returns wrong answer when you disabled DCOM on the target box. (run dcomcnfg, uncheck the "Enable Distributed COM on this computer" checkbox) Target: Windows 2000 Pro SP4 with MS03-026 patch (Japanese version) Case A: "Enable Distributed COM on this computer" is checked D:\>scanms 192.168.183.129 --- ScanMs Tool --- (c) 2003 Internet Security Systems --- Scans for systems vulnerable to MS03-026 vuln More accurate for WinXP/Win2k, less accurate for WinNT ISS provides no warrantees for any purpose Use at own risk. Runs best from WinXP. IP Address REMACT SYSACT DCOM Version ----------------------------------------------------- 192.168.183.129 [ptch] [ptch] 5.6 Case B: "Enable Distributed COM on this computer" is un-checked D:\>scanms 192.168.183.129 --- ScanMs Tool --- (c) 2003 Internet Security Systems --- Scans for systems vulnerable to MS03-026 vuln More accurate for WinXP/Win2k, less accurate for WinNT ISS provides no warrantees for any purpose Use at own risk. Runs best from WinXP. IP Address REMACT SYSACT DCOM Version ----------------------------------------------------- 192.168.183.129 [VULN] [VULN] 5.6 I've already notified ISS X-Force of this issue. Makoto Shiotsuki --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Fri Aug 01 2003 - 09:33:59 PDT