[TOOL] HFNetChk 3.3 now available

From: support@securiteam.com
Date: 01/29/02 

From: support@securiteam.com
To: list@securiteam.com
Date: Tue, 29 Jan 2002 21:56:03 +0100 (CET)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  HFNetChk 3.3 now available
------------------------------------------------------------------------

DETAILS

HFNetChk is a command line tool used to assess a computer or group of
computers for their current security hotfix status. HFNetChk can be
launched from an NT4 or later system, and can report on hotfix status for
Windows NT 4.0, Windows 2000, Windows XP, IIS 4, IIS 5, IIS 5.1, Internet
Explorer 5.01 and later, SQL Server 7.0 and SQL Server 2000.

Updates:
The following issues have been addressed in the 3.3 release:

New Switches:
 (-u) and (-p) to specify username and password for scanning remote
systems.
 (-f) to write the results to a specified output file. (Note: this will
overwrite, not append, data to the specified output file.)
 (-fh) to specify the name of a file containing NetBIOS machine names to
scan. One machine name per line, 256 max per file.
 (fip) to specify the name of a file containing IP addresses to scan. One
IP address per line, 256 max per file.

Functional updates:
 - It is now possible to scan the local machine when the Server Service
has been disabled (or has not been installed.)
 - A warning message will be presented if the installed product is not
running the latest available Service Pack.
 - IP addresses may be used when executing a scan from a Windows NT 4
system. (Note: remote system IP addresses must resolve to machine names in
order for this feature to work from NT4 systems.)
 - Code has been added that will automatically check to see whether the
downloaded mssecure.cab file has been signed by Microsoft. If the
downloaded file (mssecure.cab) has been properly signed by Microsoft,
HFNetChk will automatically expand the file and will not prompt the user
to accept the signed package.
 - This version will correctly identify .NET server machines and IIS 6.0
machines. (Patches have not been released for these platforms, nor has the
XML file been updated with information on these platforms, but the proper
product names will now appear in the output.)
 - If the tool is unable to access the mssecure.cab file from the
Microsoft server, it will next try to download the expanded mssecure.xml
file from <http://www.microsoft.com/technet/security/search/mssecure.xml>
http://www.microsoft.com/technet/security/search/mssecure.xml. If this
also fails, HFNetChk will then search the local system for versions of the
CAB and XML files.

Output:
 - To enhance performance, tab output (-o tab) is required when scanning
more than 255 hosts.
 - Both MachineName and IPaddress are displayed in wrap and tab output.
Format is: MachineName (IPAddress) In instances where either value cannot
be resolved from the other, the known value will be displayed in both
locations.

Enhancements:
 - Fixed bug where domain controllers were identified as workstations
instead of servers. As a result, not all available hotfixes would be
displayed when scanning domain controllers.
 - Results include status on all installed products, even when a given
product is up to date on patches.
 - Text alignment has been enhanced for wrap and tab output.
 - Enhanced error reporting when access is denied to a machine or there is
an error in reading the remote system's registry.
 - Improved -d domain scanning.
 - Improved support when scanning workgroups (using -d).
 - Improved memory management when performing large scans.
 - Improved recognition for SQL Server 2000 Service Packs.

Additional features, such as scanning for Exchange Server or Microsoft
Office patches, are being considered for a future release of HFNetChk and
are not included in this release.

ADDITIONAL INFORMATION

The tool can be downloaded from:
 <http://www.microsoft.com/downloads/release.asp?releaseid=31154>
http://www.microsoft.com/downloads/release.asp?releaseid=31154

The information has been provided by <mailto:hfnetchk@MICROSOFT.COM>
HFNetchk Feedback.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Relevant Pages