RE: MSBLASTER Infecting despite 03-026 patch?

From: Marc Maiffret (marcat_private)
Date: Mon Aug 11 2003 - 22:34:55 PDT

    I can't speak for the other tools but Retina's latest version of the check
    should be rather accurate. If you're having any problems though let me know.
    
    Signed,
    Marc Maiffret
    Chief Hacking Officer
    eEye Digital Security
    T.949.349.9062
    F.949.349.9538
    http://eEye.com/Retina - Network Security Scanner
    http://eEye.com/Iris - Network Traffic Analyzer
    http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities
    
    | -----Original Message-----
    | From: Carter, Mike [mailto:Mike_Carterat_private]
    | Sent: Monday, August 11, 2003 10:35 PM
    | To: Charles Hamby; incidentsat_private
    | Subject: RE: MSBLASTER Infecting despite 03-026 patch?
    |
    |
    | This is something that really worries me, I've heard it too.
    | Also I am getting conflicting results when scanning for the patch
    | installation. I've been using MBSA, GFI LANguard and Retina which all
    | tell me something different.
    | Which one should I trust??
    | Or is there something else I should be using?
    |
    | Thanks
    | Mike
    |
    | -----Original Message-----
    | From: Charles Hamby [mailto:fixerat_private]
    | Sent: Tuesday, August 12, 2003 5:13 PM
    | To: incidentsat_private
    | Subject: MSBLASTER Infecting despite 03-026 patch?
    |
    |
    | I have seen, and have heard other reports of, msblaster.exe worm
    | infecting a Windows computer that had the proper KB patch specified by
    | the 03-026 advisory.  In the instance I personally saw it was a Windows
    | XP Professional workstation that was completely patched.  The person who
    | used the workstation was surprised that they were infected since they
    | had applied the patch and I verified (via Add/Remove Programs) that they
    | did, indeed have the proper patch applied.  I checked with my parent
    | organization and they had been receiving sporadic reports of patched
    | machines being infected despite being patched.  Unfortunately I removed
    | the worm from the computer without copying it so I don't have a backup
    | of it for analysis.
    |
    |
    |
    | Has anyone else been seeing this phenomenon or do they have any idea why
    | this might have or might be happening? I know for a fact the patch that
    | was used came straight from Microsoft so I don't suspect a faulty patch.
    |
    |
    | Charles Hamby
    



    This archive was generated by hypermail 2b30 : Mon Aug 11 2003 - 22:48:36 PDT