We received a heads up tonight from Marc Maiffret (thanks Marc!!) that eEye had released a free vulnerability scanner that searches for the MS06-040 vulnerability. According to Marc:
"we have released a free vulnerability assessment tool for the critical, and potentially wormable, MS06-040 vulnerability. This free tool can be used by IT administrators to scan their networks for any potentially vulnerable machines. This tool does not require administrator access to machines so it will give IT administrators a real-world perspective on where their network stands against this attack regardless of what they think they have or have not patched yet."
Another email about the scanner went out to a public mailing list and provided an email address in case you find bugs in it:
"Look forward to your feedback and please feel free to email firstname.lastname@example.org if you find any bugs in it etc..."
No one around the ISC has had a chance to test it yet, but many of us have downloaded for tomorrow. Here is the tool and the link for it!
Retina MS06-040 NetApi32 Scanner
Aug 10th 2006
1 decade ago