Re: Remote rollout script for ms03-026

From: Jonathan Goldberg (jgoldberg_at_NOWLDEF.ORG)
Date: 08/06/03

  • Next message: Russ: "Re: Windows 2003 IIS IP Binding - Bad default behaviour/security problem ..."
    Date:         Wed, 6 Aug 2003 10:23:38 -0400
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Steve (and others),

    First, thank you for sharing this method with the community. I distribute
    patches to all of my Win2K workstations with a similar method, it's
    incredibly quick and effective. I offer the following as caveats and
    constructive criticism, and in no way do I mean to devalue your work, or
    your willingness to share it.

    1) psexec is a great tool, but you should be aware that it passes the
    administrator password in plaintext. There's a way around this which
    involves calling at.exe (a CLI interface to the Task Scheduler) to schedule
    a task for, say, 5 minutes from now. You do this while logged in at your
    computer, and at.exe allows you to specify the remote computer.

    2) Many systems have wscript.exe removed as part of their hardening process.
    My method (which I won't share publicly because it's actually embarrassingly
    kludgy, people can e-mail me off-list if they'd like a copy) uses freeware
    tools and batch files to accomplish a similar goal to your .vbs file.

    Free tools that I use:
    Getver.exe - a CLI tool that returns the version of an exe/com/dll/etc.
    Available at http://thunder.prohosting.com/~ladi/e_cmd32.html.
    Reg.exe - This is part of the free WinNT resource kit download.
    Queries/updates the registry from the commandline. Available at
    http://download.microsoft.com/download/winntsrv40/rktools/1.0/NT4/EN-US/sp4r
    k_i386.Exe.
    Now.exe - Available for free at
    http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/now-o.as
    p, it outputs the date/time to a logfile. You can use environment variables
    %date% and %time% as well, but now.exe works on Win9x as well, so I use it
    on Win2K for easier parsing of logfiles that patch both OSes.

    A quick example (this is part of a login script that patches Win9x for
    MS03-023, unless it's already patched):
    \\server1\netlogon\getver "c:\Program Files\Common Files\Microsoft
    Shared\TEXTCONV\html32.cnv" | find "5426" > nul
    If errorlevel 1 \\server2\sys\Updates\patches\823559usa8.exe /q /r:n

    Thanks again for your scripts,
    Jon

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Are You "Certifiable"? Summer's Hottest Certification Just Got HOTTER!

    With a growth rate exceeding 110%, the TICSA security practitioner
    certification is one of the hottest IT credentials available. And now, for
    a limited time, you can save 33% off of the TICSA certification exam! To
    learn more about the TICSA certification, and to register as a TICSA
    candidate online, just go to

    http://www.trusecure.com/offer/s0100/

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo


  • Next message: Russ: "Re: Windows 2003 IIS IP Binding - Bad default behaviour/security problem ..."

    Relevant Pages

    • Folly of Patching - MS Style
      ... Between MSBA and Windows Update and others, ... easy to understand matrix of patches. ... Summer's Hottest Certification Just Got HOTTER! ... you can save 33% off of the TICSA certification exam! ...
      (NT-Bugtraq)
    • Upgrade of SUS deletes patch database
      ... patches and he has to go back and re-approve everything. ... Summer's Hottest Certification Just Got HOTTER! ... you can save 33% off of the TICSA certification exam! ...
      (NT-Bugtraq)
    • Re: Alert: Microsoft Security Bulletin - MS03-039
      ... The way that Microsoft patched the new RPC Part II vulnerability ... Summer's Hottest Certification Just Got HOTTER! ... To learn more about the TICSA certification, ...
      (NT-Bugtraq)
    • Windows 2000 server issue
      ... accurately parse the lists of vulnerable machines produced by the scan ... of addresses directly on the script. ... Summer's Hottest Certification Just Got HOTTER! ... you can save 33% off of the TICSA certification ...
      (NT-Bugtraq)
    • Re: Drivial Pursuit: Internet Explorer Browser & Your Files and Folders !
      ... The default Enhanced Security Configuration of IE ... access to files and folders on the local machine from the internet. ... With a growth rate exceeding 110%, the TICSA security practitioner certification is one of the hottest IT credentials available. ... And now, for a limited time, you can save 33% off of the TICSA certification exam! ...
      (NT-Bugtraq)