ranger
2003-08-20, 10:07 AM
8/17 微軟剛發表 MS03-026 Scanning Tool掃瞄你的疾風病毒的修補程式是否安裝好
這支程式可掃瞄子網域中的所有電腦 建議網管人員使用
Last Reviewed: 8/17/2003
Keywords: kbhowto KB826369
最後更新 2003年8月17日
連結
http://download.microsoft.com/download/7/f/7/7f7f423a-cd47-4c43-bebf-1a18e79bcf72/DCOM-KB826369-X86-ENU.exe
說明
How to Use the KB 823980 Scanning Tool to Identify Host Computers That Do Not Have the 823980 Security Patch (MS03-026) Installed
The information in this article applies to:
Microsoft Windows Server 2003, Standard Edition
Microsoft Windows Server 2003, Datacenter Edition
Microsoft Windows Server 2003, Enterprise Edition
Microsoft Windows Server 2003, Enterprise Edition for the Workstation
Microsoft Windows Server 2003, 64-Bit Datacenter Edition
Microsoft Windows Server 2003, 64-Bit Enterprise Edition
Microsoft Windows XP Home Edition
Microsoft Windows XP Media Center Edition
Microsoft Windows XP Professional
Microsoft Windows XP Tablet PC Edition
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows XP 64-Bit Edition Version 2002
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows NT Server 4.0
Microsoft Windows NT Server 4.0 Terminal Server Edition
Microsoft Windows NT Workstation 4.0
SUMMARY
Microsoft has released a KB 823980 scanning tool (KB823980scan.exe) that network administrators can use to identify host computers on their network that do not have the 823980 security patch (MS03-026) installed. For additional information about the 823980 security patch (MS03-026), click the following article number to view the article in the Microsoft Knowledge Base:
823980 MS03-026: Buffer Overrun in RPC Interface May Allow Code Execution
For additional information about a new worm virus that tries to exploit the DCOM RPC vulnerability that is fixed by the 823980 security patch (MS03-026), click the following article number to view the article in the Microsoft Knowledge Base:
826955 Virus Alert About the Blaster Worm and Its Variants
For additional information about how network administrators can use Windows Management Instrumentation scripting to install the 823980 security patch (MS03-026) on unpatched computers in their Windows NT, Windows 2000, or Windows Server 2003 domain, click the following article number to view the article in the Microsoft Knowledge Base:
827227 How to Use a Visual Basic Script to Install the 823980 Security Patch (MS03-026) on Remote Host Computers
MORE INFORMATION
The KB823980scan.exe tool can scan remote host computers without requiring authentication (that is, you do not have to supply valid credentials on the remote host computer). Use of the KB823980scan.exe tool does not affect the stability of the target operating system that is scanned.
You can use the KB823980scan.exe tool from a Windows Server 2003-based, Windows XP-based, or Windows 2000-based computer to scan your network to identify host computers that do not have the 823980 security patch (MS03-026) installed.
Download Information
To download the KB823980scan.exe tool, visit the following Microsoft Web site, and then download the Dcom-kb826369-x86-enu.exe installation package:
http://microsoft.com/downloads/deta...;displaylang=en
To install the KB823980scan.exe tool, double-click the DCOM-KB826369-X86-ENU.exe installation package that you downloaded. The tool is a command-line utility that is installed in the KB823980Scan subfolder of the Program Files folder or the Program Files (x86) folder for 64-bit versions of Windows XP or Windows Server 2003.
Usage
When you run the KB823980scan.exe tool with the /? switch (or with no switches), the following information is shown:Microsoft (R) KB823980 Scanner Version 1.00.0002 for 80x86
Copyright (c) Microsoft Corporation 2003. All rights reserved.
The purpose of KB823980Scan.exe is to audit Windows systems over the network
for KB823980 patch compliance. KB823980Scan.exe allows
administrators to quickly scan enterprise networks for unpatched systems.
Usage: KB823980Scan.exe [/?] [/i:input_file] [/l[:log_file]]
[/out_file] [/t:timeout] [/v] target ...
Targets can take any of the following forms:
a.b.c.d - IP address
a.b.c.d-i.j.k.l - IP address range
a.b.c.d/mask - IP address with CIDR mask
host - unqualified hostname
host.domain.com - fully-qualified domain name
localhost - check local machine
Targets can be specified on the command line & in user-specified input files.
KB823980Scan.exe maintains an informational log in the current directory.
The log files will take the form KB823980Scan_YYMMDD[a-z][a-z].log, where YY
is the two digit year, MM is the two digit month, and DD is the two digit day.
The [a-z][a-z] will be appended to the log file name as additional scans are
completed on the same day.
KB823980Scan.exe will create a list of vulnerable systems (unpatched as well
as those with KB823980 installed) in the current working directory. This file
should be fed as input to the autopatching script that you write. This file
will be named "Vulnerable.txt" by default. Its name can be changed with the
/o switch.
KB823980Scan.exe has a default timeout of 5 seconds, which should be fine
for most networks. If your network is slow or has IPSec enabled then you
might want to increase the timeout to 10 seconds or more.
Sample Output
C:\>kb823980scan 10.1.1.1/24
Microsoft (R) KB823980 Scanner Version 1.00.0002 for 80x86
Copyright (c) Microsoft Corporation 2003. All rights reserved.
<+> Starting scan (timeout = 5000 ms)
Checking 10.1.1.0 - 10.1.1.255
10.1.1.1: connection to tcp/135 refused
10.1.1.2: unpatched
10.1.1.3: host unreachable
10.1.1.4: patched with KB823980
10.1.1.5: patched with KB823980
10.1.1.6: patched with KB823980
10.1.1.7: connection to tcp/135 refused
10.1.1.8: unpatched
10.1.1.9: patched with KB823980
.
.
.
.
<snip>
<-> Scan completed
Statistics:
Patched with KB823980 = 40
Unpatched = 11
TOTAL HOSTS SCANNED = 51
Needs Investigation = 0
Connection refused = 3
Host unreachable = 202
Errors = 0
TOTAL HOSTS SKIPPED = 205
TOTAL ADDRESSES SCANNED = 256
Explanation of Error Messages, Status, and Statistics
A "host unreachable" error message indicates that no host is present at the specified Internet Protocol (IP) address. Additionally, a firewall that black holes packets, such as Internet Connection Firewall (ICF), also returns a "host unreachable" error message.
A "connection to tcp/135 refused" error message indicates either that no service is listening on TCP port 135 or that TCP port 135 is being filtered (either by the Windows TCP/IP stack or by a firewall or a router).
An "unpatched" status indicates that the host that was scanned is a Windows host but does not have the 823980 security patch (MS03-026)installed.
The "Needs Investigation" counter indicates that some Internet protocols did not respond to a connection attempt on TCP port 135 and therefore could not be scanned for the security patches.
Log Files That the KB823980scan.exe Tool Creates
KB823980Scan_YYMMDD[a-z][a-z].log: This log file is for informational purposes.
Vulnerable.txt: This log file contains a list of the IP addresses for computers on your network that do not have the 823980 (MS03-026) security patch installed. You can use the Vulnerable.txt log file without modification as the input file (Ipfile.txt) for the Patchinstall.vbs script that is described in Microsoft Knowledge Base article 827227. Note that the Vulnerable.txt log file is overwritten every time that you run KB823980scan.exe. For the sample output that is described in the "Sample Output" section in this article, the Vulnerable.txt log file would contain the following entries:
10.1.1.2
10.1.1.8
Known Issues
You cannot use double-byte character set (DBCS) characters in the path for the input file, the output file, the log file, or the host computer when you use the KB823980scan.exe tool.
You cannot run the KB823980scan.exe tool on a computer that is running Windows NT 4.0, Microsoft Windows 98, or Microsoft Windows Millennium Edition. However, you can run this tool from Windows Server 2003-based, Windows XP-based, or Windows 2000-based computers to scan a remote host computer that is running Windows NT 4.0.
贊助商連結
這支程式可掃瞄子網域中的所有電腦 建議網管人員使用
Last Reviewed: 8/17/2003
Keywords: kbhowto KB826369
最後更新 2003年8月17日
連結
http://download.microsoft.com/download/7/f/7/7f7f423a-cd47-4c43-bebf-1a18e79bcf72/DCOM-KB826369-X86-ENU.exe
說明
How to Use the KB 823980 Scanning Tool to Identify Host Computers That Do Not Have the 823980 Security Patch (MS03-026) Installed
The information in this article applies to:
Microsoft Windows Server 2003, Standard Edition
Microsoft Windows Server 2003, Datacenter Edition
Microsoft Windows Server 2003, Enterprise Edition
Microsoft Windows Server 2003, Enterprise Edition for the Workstation
Microsoft Windows Server 2003, 64-Bit Datacenter Edition
Microsoft Windows Server 2003, 64-Bit Enterprise Edition
Microsoft Windows XP Home Edition
Microsoft Windows XP Media Center Edition
Microsoft Windows XP Professional
Microsoft Windows XP Tablet PC Edition
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows XP 64-Bit Edition Version 2002
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows NT Server 4.0
Microsoft Windows NT Server 4.0 Terminal Server Edition
Microsoft Windows NT Workstation 4.0
SUMMARY
Microsoft has released a KB 823980 scanning tool (KB823980scan.exe) that network administrators can use to identify host computers on their network that do not have the 823980 security patch (MS03-026) installed. For additional information about the 823980 security patch (MS03-026), click the following article number to view the article in the Microsoft Knowledge Base:
823980 MS03-026: Buffer Overrun in RPC Interface May Allow Code Execution
For additional information about a new worm virus that tries to exploit the DCOM RPC vulnerability that is fixed by the 823980 security patch (MS03-026), click the following article number to view the article in the Microsoft Knowledge Base:
826955 Virus Alert About the Blaster Worm and Its Variants
For additional information about how network administrators can use Windows Management Instrumentation scripting to install the 823980 security patch (MS03-026) on unpatched computers in their Windows NT, Windows 2000, or Windows Server 2003 domain, click the following article number to view the article in the Microsoft Knowledge Base:
827227 How to Use a Visual Basic Script to Install the 823980 Security Patch (MS03-026) on Remote Host Computers
MORE INFORMATION
The KB823980scan.exe tool can scan remote host computers without requiring authentication (that is, you do not have to supply valid credentials on the remote host computer). Use of the KB823980scan.exe tool does not affect the stability of the target operating system that is scanned.
You can use the KB823980scan.exe tool from a Windows Server 2003-based, Windows XP-based, or Windows 2000-based computer to scan your network to identify host computers that do not have the 823980 security patch (MS03-026) installed.
Download Information
To download the KB823980scan.exe tool, visit the following Microsoft Web site, and then download the Dcom-kb826369-x86-enu.exe installation package:
http://microsoft.com/downloads/deta...;displaylang=en
To install the KB823980scan.exe tool, double-click the DCOM-KB826369-X86-ENU.exe installation package that you downloaded. The tool is a command-line utility that is installed in the KB823980Scan subfolder of the Program Files folder or the Program Files (x86) folder for 64-bit versions of Windows XP or Windows Server 2003.
Usage
When you run the KB823980scan.exe tool with the /? switch (or with no switches), the following information is shown:Microsoft (R) KB823980 Scanner Version 1.00.0002 for 80x86
Copyright (c) Microsoft Corporation 2003. All rights reserved.
The purpose of KB823980Scan.exe is to audit Windows systems over the network
for KB823980 patch compliance. KB823980Scan.exe allows
administrators to quickly scan enterprise networks for unpatched systems.
Usage: KB823980Scan.exe [/?] [/i:input_file] [/l[:log_file]]
[/out_file] [/t:timeout] [/v] target ...
Targets can take any of the following forms:
a.b.c.d - IP address
a.b.c.d-i.j.k.l - IP address range
a.b.c.d/mask - IP address with CIDR mask
host - unqualified hostname
host.domain.com - fully-qualified domain name
localhost - check local machine
Targets can be specified on the command line & in user-specified input files.
KB823980Scan.exe maintains an informational log in the current directory.
The log files will take the form KB823980Scan_YYMMDD[a-z][a-z].log, where YY
is the two digit year, MM is the two digit month, and DD is the two digit day.
The [a-z][a-z] will be appended to the log file name as additional scans are
completed on the same day.
KB823980Scan.exe will create a list of vulnerable systems (unpatched as well
as those with KB823980 installed) in the current working directory. This file
should be fed as input to the autopatching script that you write. This file
will be named "Vulnerable.txt" by default. Its name can be changed with the
/o switch.
KB823980Scan.exe has a default timeout of 5 seconds, which should be fine
for most networks. If your network is slow or has IPSec enabled then you
might want to increase the timeout to 10 seconds or more.
Sample Output
C:\>kb823980scan 10.1.1.1/24
Microsoft (R) KB823980 Scanner Version 1.00.0002 for 80x86
Copyright (c) Microsoft Corporation 2003. All rights reserved.
<+> Starting scan (timeout = 5000 ms)
Checking 10.1.1.0 - 10.1.1.255
10.1.1.1: connection to tcp/135 refused
10.1.1.2: unpatched
10.1.1.3: host unreachable
10.1.1.4: patched with KB823980
10.1.1.5: patched with KB823980
10.1.1.6: patched with KB823980
10.1.1.7: connection to tcp/135 refused
10.1.1.8: unpatched
10.1.1.9: patched with KB823980
.
.
.
.
<snip>
<-> Scan completed
Statistics:
Patched with KB823980 = 40
Unpatched = 11
TOTAL HOSTS SCANNED = 51
Needs Investigation = 0
Connection refused = 3
Host unreachable = 202
Errors = 0
TOTAL HOSTS SKIPPED = 205
TOTAL ADDRESSES SCANNED = 256
Explanation of Error Messages, Status, and Statistics
A "host unreachable" error message indicates that no host is present at the specified Internet Protocol (IP) address. Additionally, a firewall that black holes packets, such as Internet Connection Firewall (ICF), also returns a "host unreachable" error message.
A "connection to tcp/135 refused" error message indicates either that no service is listening on TCP port 135 or that TCP port 135 is being filtered (either by the Windows TCP/IP stack or by a firewall or a router).
An "unpatched" status indicates that the host that was scanned is a Windows host but does not have the 823980 security patch (MS03-026)installed.
The "Needs Investigation" counter indicates that some Internet protocols did not respond to a connection attempt on TCP port 135 and therefore could not be scanned for the security patches.
Log Files That the KB823980scan.exe Tool Creates
KB823980Scan_YYMMDD[a-z][a-z].log: This log file is for informational purposes.
Vulnerable.txt: This log file contains a list of the IP addresses for computers on your network that do not have the 823980 (MS03-026) security patch installed. You can use the Vulnerable.txt log file without modification as the input file (Ipfile.txt) for the Patchinstall.vbs script that is described in Microsoft Knowledge Base article 827227. Note that the Vulnerable.txt log file is overwritten every time that you run KB823980scan.exe. For the sample output that is described in the "Sample Output" section in this article, the Vulnerable.txt log file would contain the following entries:
10.1.1.2
10.1.1.8
Known Issues
You cannot use double-byte character set (DBCS) characters in the path for the input file, the output file, the log file, or the host computer when you use the KB823980scan.exe tool.
You cannot run the KB823980scan.exe tool on a computer that is running Windows NT 4.0, Microsoft Windows 98, or Microsoft Windows Millennium Edition. However, you can run this tool from Windows Server 2003-based, Windows XP-based, or Windows 2000-based computers to scan a remote host computer that is running Windows NT 4.0.
贊助商連結