This is from Marc Maiffret, Chief Hacking Officer at eEye Digital Security:
The way that Microsoft patched the new RPC Part II vulnerability actually breaks most scanning tools looking for the first flaw.
http://www.eeye.com/html/Research/Tools/RPCDCOM.html
That is to say that if your company is using a scanning tool looking for MS03-026 and you have installed MS03-039 then your MS03-039 systems will be flagged as vulnerable, when they obviously are not.
Since we actually found the flaw we were able to update Retina and our free scanning tool to correctly identify this new vulnerability, and old, without getting false positives. Again, last time I checked ISS, Foundstone, and a couple free tools (MS's old version), will incorrectly identify systems as vulnerable to the old flaw, with this new patch installed.
Retina 4.9.126 and our free RPC scanner Version 1.1.0 have the correct checks that the rest of the scanners are going to need to "model themselves" after in order to accurately detect these RPC flaws. Again the free RPC scanner tool, with latest RPC check, can be downloaded from: