 |
|
|
 Welcome to the Virus.Org Mailing List Archive |
||
 |
||
|
||
|
There are tools like Eeye's Retina scanner and ISS's scanner that can test for vulnerabilities that the patches address. In addition, NMAP is free and can test for numerous vulnerabilities. Rather than seeing if the patch is installed, these scanners determine if the system is vulnerable regardless of proper patch installation. Tools like this should be used in conjunction with vulnerability and patch tools to better determine whether patches were actually installed correctly. Each patchmanagement software / vulnerability software determines whether patches are installed via different methods (registry setting exists, dll's are updated, file checksums, etc). However, these types of scanners can determine if the system is still vulnerable regardless of whether patchmanagement or Windows Update says it is patched. This gives you more of a view from the exploiters perspective. Let's face it, their scanning tools will only determine if it is vulnerable so they can attack it or their worm will scan and exploit the vulnerability. So these types of scanners have their purpose for determining where your still vulnerable while addressing the need to find systems that do not have patches installed. If it's vulnerable, then the patch is not installed. No admin rights required. Joe Maloney CCSA, GSEC Security Administrator --- To unsubscribe send a blank email to [EMAIL PROTECTED]
|
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.