Numéro d'article: 827363 - Voir les produits auxquels s'applique cet article
Note On October 7, 2003, Microsoft released an updated version (1.00.0257) of the KB 824146 scanning tool (KB824146scan.exe) that incorporates several feature requests that are based on customer feedback. The major changes in version 1.00.0257 include the following:
Microsoft has released the KB 824146 scanning tool (KB824146scan.exe) that network administrators can use to identify host computers on their networks that do not have the 823980 (MS03-026) and the 824146 (MS03-039) security patches installed. This tool replaces the KB 823980 scanning tool (KB823980scan.exe).
Note If you use the KB823980scan.exe tool to scan a computer that has the 824146 security patch installed, the tool will incorrectly report that the computer is missing the 823980 security patch (MS03-026). Microsoft encourages customers to run the KB824146scan.exe tool to determine whether the host computers on their networks have the 823980 (MS03-026) and the 824146 (MS03-039) security patches installed. For additional information about the 824146 security patch (MS03-039), click the following article number to view the article in the Microsoft Knowledge Base:
824146For additional information about the 823980 security patch (MS03-026), click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/824146/ )MS03-039: A Buffer Overrun in RPCSS Could Allow an Attacker to Run Malicious Programs
823980For additional information about a new worm virus that tries to exploit the DCOM RPC vulnerability that is fixed by the 823980 security patch (MS03-026), click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/823980/ )MS03-026: Buffer Overrun in RPC Interface May Allow Code Execution
826955For additional information about how network administrators can use Windows Management Instrumentation scripting to install the 823980 security patch (MS03-026) on unpatched computers in their Microsoft Windows NT, Microsoft Windows 2000, or Microsoft Windows Server 2003 domain, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/826955/ )Virus Alert About the Blaster Worm and Its Variants
(http://support.microsoft.com/kb/827227/ )How to Use a Visual Basic Script to Install the 824146 (MS03-039) or 823980 (MS03-026) Security Patch on Remote Host Computers
The KB824146scan.exe tool can scan remote computers to help network administrators identify which Windows-based computers do not have the 823980 (MS03-026) and the 824146 (MS03-039) security patches installed. The scan does not require authentication (that is, you do not have to supply valid credentials on the remote computer). The KB824146scan.exe tool does not affect the stability of the target operating system that is scanned.
You can use the KB824146scan.exe tool from a computer that is running Windows Server 2003, Windows XP, or Windows 2000. You can use it to scan Windows Server 2003-based, Windows XP-based, Windows 2000-based, or Windows NT 4.0-based computers on your network.
Download and Setup InformationTo download the KB824146scan.exe tool, visit the following Microsoft Web site:
http://www.microsoft.com/downloads/details.aspx?FamilyId=13AE421B-7BAB-41A2-843B-FAD838FE472E&displaylang=enDownload the Dcom-kb827363-x86-enu.exe installation package. To install the KB824146scan.exe tool, double-click the Dcom-kb827363-x86-enu.exe installation package that you downloaded. The tool is a command-line utility that is installed in the KB824146scan subfolder of the Program Files folder, or in the KB824146scan subfolder of the Program Files (X86) folder for 64-bit versions of Windows XP or Windows Server 2003.
Usage InformationTo run the KB824146scan.exe tool, follow these steps:
Microsoft (R) KB824146 Scanner Version 1.00.0257 for 80x86 Copyright (c) Microsoft Corporation 2003. All rights reserved. The purpose of KB824146Scan.exe is to audit Windows systems over the network for KB824146 and KB823980patch compliance. KB824146Scan.exe allows administrators to quickly scan enterprise networks for unpatched systems. Usage: KB824146Scan.exe [/?] [/i:input_file] [/l[:log_file]] [/n] [/o:out_file] [/r] [/t:timeout] [/v] target ... Targets can take any of the following forms: a.b.c.d - IP address a.b.c.d-i.j.k.l - IP address range a.b.c.d/mask - IP address with CIDR mask host - unqualified hostname host.domain.com - fully-qualified domain name localhost - check local machine Targets can be specified on the command line & in user-specified input files. The format of the input file is one target per line. KB824146Scan.exe maintains a log file in the current directory if the /l switch is specified on the command line. (Otherwise output is only sent to the screen.) The log files will take the form of KB824146Scan_YYMMDD[a-z][a-z].log, where YY is the two digit year, MM is the two digit month, and DD is the two digit day. The [a-z][a-z] will be appended to the log file name as additional scans are completed on the same day. Please note that the log output will only contain essential information. To capture full information, please specify the /v switch for verbose logging. KB824146Scan.exe will create a list of vulnerable systems (unpatched as well as those with KB823980 installed) in the current working directory. The log files will take the form of Vulnerable_YYMMDD[a-z][a-z].log, where YY is the two digit year, MM is the two digit month, and DD is the two digit day. The [a-z][a-z] will be appended to the log file name as additional scans are completed on the same day. Its name can be changed with the /o switch. KB824146Scan.exe will resolve IP addresses to DNS names if the /r switch is given on the command line. This may incur a performance penalty if your DNS servers are slow in responding. KB824146Scan.exe will resolve IP addresses to NetBIOS names if the /n switch is given on the command line. This may incur a performance penalty if the remote NetBIOS connection is slow in responding. KB824146Scan.exe has a default timeout of 5 seconds, which should be fine for most networks. If your network is slow or has IPSec enabled then you might want to increase the timeout to 10 seconds or more. Use /t to specify the number of seconds for the timeout.
Sample OutputThe following is a sample of the command-line output that is shown by KB824146Scan.exe when you use it to scan a range of IP addresses (10.1.1.0 through 10.1.1.255 in this example).
C:\>kb824146scan 10.1.1.1/24 Microsoft (R) KB824146 Scanner Version 1.00.0257 for 80x86 Copyright (c) Microsoft Corporation 2003. All rights reserved. <+> Starting scan (timeout = 5000 ms) Checking 10.1.1.0 - 10.1.1.255 10.1.1.1: unpatched 10.1.1.2: patched with both KB824146 (MS03-039) and KB823980 (MS03-026) 10.1.1.3: Patched with only KB823980 (MS03-026) 10.1.1.4: host unreachable 10.1.1.5: DCOM is disabled on this host 10.1.1.6: address not valid in this context 10.1.1.7: connection failure: error 51 (0x00000033) 10.1.1.8: connection refused 10.1.1.9: this host needs further investigation <-> Scan completed Statistics: Patched with both KB824146 (MS03-039) and KB823980 (MS03-026) .... 1 Patched with only KB823980 (MS03-026) ............................ 1 Unpatched ............................. 1 TOTAL HOSTS SCANNED ................... 3 DCOM Disabled ......................... 1 Needs Investigation ................... 1 Connection refused .................... 1 Host unreachable ...................... 248 Other Errors .......................... 2 TOTAL HOSTS SKIPPED ................... 253 TOTAL ADDRESSES SCANNED ............... 256
Error Messages, Status, and Statistics
Log Files That the KB824146Scan.exe Tool CreatesNote These log files are created in the current working folder (that is, the folder where you run KB824146Scan.exe). By default, this is the KB824146scan subfolder of the Program Files folder, or the KB824146scan subfolder of the Program Files (X86) folder for 64-bit versions of Windows XP or Windows Server 2003.
Numéro d'article: 827363 - Dernière mise à jour: lundi 11 juillet 2005 - Version: 4.5
Les informations contenues dans cet article s'appliquent au(x) produit(s) suivant(s):
L'INFORMATION CONTENUE DANS CE DOCUMENT EST FOURNIE PAR MICROSOFT SANS GARANTIE D'AUCUNE SORTE, EXPLICITE OU IMPLICITE. L'UTILISATEUR ASSUME LE RISQUE DE L'UTILISATION DU CONTENU DE CE DOCUMENT. CE DOCUMENT NE PEUT ETRE REVENDU OU CEDE EN ECHANGE D'UN QUELCONQUE PROFIT.