
SANS ISC InfoSec Handlers Diary Blog



eEye Releases Free Scanner for MS06-040

Published: 2006-08-11
Last Updated: 2006-08-11 02:07:24 UTC
by Lorna Hutcheson (Version: 2)
We received a heads up tonight from Marc Maiffret (thanks Marc!!) that eEye had released a free vulnerability scanner that searches for the MS06-040 vulnerability.  According to Marc:

"we have released a free vulnerability assessment tool for the critical, and potentially wormable, MS06-040 vulnerability. This free tool can be used by IT administrators to scan their networks for any potentially vulnerable machines. This tool does not require administrator access to machines so it will give IT administrators a real-world perspective on where their network stands against this attack regardless of what they think they have or have not patched yet."


Another email about the scanner went out to a public mailing list and provided an email address in case you find bugs in it:

"Look forward to your feedback and please feel free to email skunkworks@eeye.com if you find any bugs in it etc..."

No one around the ISC has had a chance to test it yet, but many of us have downloaded it for tomorrow. Here is the tool and the link for it!

Retina MS06-040 NetApi32 Scanner
http://www.eeye.com/html/resources/downloads/audits/NetApi.html

Happy Scanning!

UPDATE

While testing the 16 IP address version (and as confirmed by one of our readers) we noticed a small bug with this tool. When selecting which IP addresses to scan, the user can pick between a single IP address, an IP range and a CIDR notation. If the IP range option is used, the user simply has to enter the first and last IP address (no more than 16 IP addresses can be scanned at a time). However, for some reason the tool doesn't scan the last 2 IP addresses. You can, of course, include those 2 IP addresses in the following scan, but we just wanted to warn you if you are already using this. We've contacted eEye and believe they will release a new version soon (the currently available version is 1.0.0.5).

Other than that we just wanted to add that, in order to download the tool, you have to either submit your e-mail address (for the 16 IP scanner) or fully register on eEye's site (this is required for the 256 IP scanner).


