Patch ? pentru vulnerabilitati sisteme NT

Internet Anti-Intrusion Patch Verification and Intrusion
Evidence Scanner — for Microsoft Windows NT

On March 8, 2001, the Federal Bureau of Investigation released information about a series of economic extortion attacks that had already hit more than 40 e-banking and e-commerce sites running Windows NT. More than 1,000,000 credit cards have been stolen and the primary crime is extortion in which the criminals demand money to keep sites safe from "other hackers" and to keep the site's credit card information confidential. A more complete description of the attacks is posted at the SANS Institute site (www.sans.org). In its announcement, the FBI reported that the attackers were using specific well-known Windows NT vulnerabilities and often, after a successful attack, they left specific files on the victim's computers.  
SANS and the Center for Internet Security asked Steve Gibson of Gibson Research (www.grc.com) to create a program that would determine instantly whether a Windows NT system is vulnerable to the attack and whether it has the files that indicate it has already been compromised. The program he created is called PatchWork. PatchWork checks for the vulnerabilities listed by the FBI, and if any are found, points you directly to the Microsoft patches. Then PatchWork allows you to verify that they were installed correctly.  

Unauthorized Access to IIS Servers through Open Database Connectivity (ODBC) Data Access with Remote Data Service (RDS)  
Systems Affected: Windows NT running IIS with RDS enabled.

SQL Query Abuse Vulnerability
Affected Software Versions: Microsoft SQL Server Version 7.0 and Microsoft Data Engine (MSDE) 1.0

Registry Permissions Vulnerability
Systems Affected: Windows NT 4.0 Workstation, Windows NT 4.0 Server

Web Server File Request Parsing

ntalert.exe  
sysloged.exe  
tapi.exe  
20.exe  
21.exe  
25.exe  
80.exe  
139.exe  
1433.exe  
1520.exe  
26405.exe  
i.exe  
lomscan.exe  
mslom.exe  
lsaprivs.exe  
pwdump.exe  
serv.exe  
smmsniff.exe