|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: Microsoft Security Update
From: Luke Smith (luke
smith.name)
Date: Thu Sep 04 2003 - 17:53:48 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
>MS03-034 (NetBIOS information disclosure) gets a rating of Low, even
though
>Blaster showed us just how many Windows installations run with all
ports
>accessible.
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulleti
n/MS03-034.asp
"Under certain conditions, the response to a NetBT Name Service query
may, in addition to the typical reply, contain random data from the
target system's memory. This data could, for example, be a segment of
HTML if the user on the target system was using an Internet browser, or
it could contain other types of data that exist in memory at the time
that the target system responds to the NetBT Name Service query."
It's not something you could directly own the box with, unlike RPC vuln
that Blaster uses; it merely exposes some trivia, thus the "low" rating.
Cheers,
Luke Smith
________________________________________________________________________
This email has been scanned for all viruses by the MessageLabs Email
Security System. For more information on a proactive email security
service working around the clock, around the globe, visit
http://www.messagelabs.com
________________________________________________________________________
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]