Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: new IIS worm? (rcp lsass.exe)
From: Christoph Puppe <puppe () hisolutions com>
Date: Wed, 25 Sep 2002 11:17:29 +0200
zeno wrote:

Does anyone know of a gui windows tool that scans your system and provides you with a list
of needed patches, and then allows you to select, and have it autodownload and install them?
I can't seem to find one (needed mostly for iis).
Try the IIS Lockdown Tool, removes most extensions (htw, idq et all) and even more important, removes the execute permission from command line tools which are commonly used by attackers (cmd, tftp, ...). 

Remember to re-run it after installing a SP!
It installs the URLScann as well, but this seems to be a little flask of snake oil, because it checks URLs before they go into the deeper layers of the IIS (remember the first 3 Patches for the doubel-encoding and Unicode Vulns!).
Remember to scan your hosts often (like once a week) with a security scanner, for example Nessus.org or IIS or Lanscan from GFI. 

--
Mit freundlichen Gruessen,
Christoph Puppe

We secure your business.(TM)
***************************************************************
HiSolutions AG                phone:  +49 30 533289-0
Bouchestrasse 12                fax:  +49 30 533289-99
D-12435 Berlin                  www:  http://www.HiSolutions.com/
***************************************************************



____________________________________

E-Mail Disclaimer

Der Inhalt dieser E-Mail ist ausschliesslich fuer den bezeichneten
Adressaten bestimmt. Wenn Sie nicht der vorgesehene Adressat
dieser E-Mail oder dessen Vertreter sein sollten, so beachten Sie
bitte, dass jede Form der Kenntnisnahme, Veroeffentlichung, Vervielfaeltigung oder Weitergabe des Inhalts dieser E-Mail unzulaessig ist. Wir bitten Sie, sich in diesem Fall mit dem Absender der E-Mail in Verbindung zu setzen. The information contained in this email is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any form of disclosure, reproduction, distribution or any action taken or refrained from in reliance on it, is prohibited and may be unlawful. Please notify the sender immediately. 
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]