Re: Remote rollout script for ms03-026
From: Jonathan Goldberg (jgoldberg_at_NOWLDEF.ORG)
Date: Wed, 6 Aug 2003 10:23:38 -0400 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Steve (and others),
First, thank you for sharing this method with the community. I distribute
patches to all of my Win2K workstations with a similar method, it's
incredibly quick and effective. I offer the following as caveats and
constructive criticism, and in no way do I mean to devalue your work, or
your willingness to share it.
1) psexec is a great tool, but you should be aware that it passes the
administrator password in plaintext. There's a way around this which
involves calling at.exe (a CLI interface to the Task Scheduler) to schedule
a task for, say, 5 minutes from now. You do this while logged in at your
computer, and at.exe allows you to specify the remote computer.
2) Many systems have wscript.exe removed as part of their hardening process.
My method (which I won't share publicly because it's actually embarrassingly
kludgy, people can e-mail me off-list if they'd like a copy) uses freeware
tools and batch files to accomplish a similar goal to your .vbs file.
Free tools that I use:
Getver.exe - a CLI tool that returns the version of an exe/com/dll/etc.
Available at http://thunder.prohosting.com/~ladi/e_cmd32.html.
Reg.exe - This is part of the free WinNT resource kit download.
Queries/updates the registry from the commandline. Available at
Now.exe - Available for free at
p, it outputs the date/time to a logfile. You can use environment variables
%date% and %time% as well, but now.exe works on Win9x as well, so I use it
on Win2K for easier parsing of logfiles that patch both OSes.
A quick example (this is part of a login script that patches Win9x for
MS03-023, unless it's already patched):
\\server1\netlogon\getver "c:\Program Files\Common Files\Microsoft
Shared\TEXTCONV\html32.cnv" | find "5426" > nul
If errorlevel 1 \\server2\sys\Updates\patches\823559usa8.exe /q /r:n
Thanks again for your scripts,
Are You "Certifiable"? Summer's Hottest Certification Just Got HOTTER!
With a growth rate exceeding 110%, the TICSA security practitioner
certification is one of the hottest IT credentials available. And now, for
a limited time, you can save 33% off of the TICSA certification exam! To
learn more about the TICSA certification, and to register as a TICSA
candidate online, just go to