Stardate 20010820.0724 (On Screen): Microsoft has announced a pair of new tools for users of NT4 and Win2K in response to the recent Code Red assault, which while not being anything like as catastrophic as some people had predicted, has turned out to be a real annoyance for a lot of people. Microsoft actually had released a patch for the security hole that Code Red exploited; it was released a month before the assault. But a patch does no good if it isn't installed, and that's what these two tools are intended to help. One of them can be run from a DOS-prompt at a corporation and it will scan all the computers on its LAN and figure out the patching levels on each. The other is intended for home users: you visit a certain web site and it will tell you whether there are patches you need to install.
How, exactly, are these things finding this stuff out? If any computer can send queries to a NT/2K system and get back detailed information about configuration data, what the heck else can be gotten? Far from helping improve security, I think these tools just took it down another notch by exposing yet more "interesting" things for the hackers to delve into. If my sysadmin can in a friendly fashion check my computer remotely, why can't an black-hat do so as well? And what else can he learn? (discussion in progress)
Update 20010821: I stand corrected.
