NetSDK vulnerable to SQL Slammer

From: Schmehl, Paul L (paulsUTDALLAS.EDU)
Date: Mon Jun 16 2003 - 10:42:00 CDT


Every week I scan our network with Foundstone's (may they rest in peace)
:-) SQLScan. Recently I've been detecting vulnerable computers that
have NetSDK installed. Since these detections are recent, I surmise
that CS students are downloading and installing NetSDK so they can do
development work in the .net architecture.

Why Microsoft would make this software available **in a vulnerable
form** is beyond me, but I thought the list should know. It's likely
that at least some networks have this software installed and are
therefore vulnerable to another Slammer infection. One possible
scenario is: a CS student installs NetSDK, logs on to the Internet from
an external network, gets infected with Slammer, brings his laptop to
campus and infects the campus network.

NetSDK Downloads:
<http://msdn.microsoft.com/netframework/downloads/>

NetSDK Slammer Patch:
<http://msdn.microsoft.com/netframework/downloads/updates/sdkfix/faq.aspx>

Foundstone's SQLScan:
http://www.foundstone.com/
Look in Home/Resources/Free Tools/Scanning Tools

Paul Schmehl (paulsutdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/
