MS03-039 Plugin and WinXP SP2
Jason Haar
Jason.Haar at trimble.co.nz
Tue Aug 10 04:24:39 EDT 2004
On Mon, Aug 09, 2004 at 11:53:28PM -0700, Jefferson Cowart wrote:
> It appears that some change MS has made in SP2 for Windows XP has caused the
> nessus plugin for MS03-039, 11835, to return lots of false positives. Every
> single SP2 machine I have scanned has turned up as vulnerable to this hole.
> (Note I had to turn off the firewall on the SP2 box to get any results.) Is
> anyone else seeing this?
I am seeing XP-SP2 machines showing up these old holes too:
Nessus ID : 12205 (ms04-011.mspx)
Nessus ID : 12206 (ms04-012.mspx)
Nessus ID : 11888 (MS03-043)
The latter is pretty funny as it's a Messenger service hole - and these SP2
boxes have Messenger disabled!!! :-)
I'm assuming some registry keys have changed - ruining the check?
[I'm running Nessus on about 20 Windows-specific checks, safe-mode enabled
majorly. Last thing I wanted was crashed hosts]
BTW: should Nessus state there's a "security hole" on a host when a
"registry" style check shows it's vulnerable, but the service is disabled? I
mean, I might be aware it's vulnerable, and that's why I disabled the
service? Or does it require the "dangerous" scans to confirm such findings?
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
More information about the Nessus
mailing list