MS05-051 Scan v1.0

Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution

MS05-051 Scan 1.0 is a Windows-based detection and analysis utility that can quickly and accurately identify Microsoft operating systems affected by the vulnerabilities described in the MS05-051 bulletin.

MS05-051 Scan is intended for use by enterprise system and network administrators as a fast and reliable utility for identifying at-risk Microsoft systems in a passive manner. This tool is non-intrusive in nature and may be run in production environments during production hours.

Limitations of the tool:
The scanner is limited to 10 outgoing connections on Windows XP SP2. This scanning limitation is caused by SP2. All other platforms will have 64 concurrent scanning threads running.

If you have anti-virus running, it *may* detect this tool as an exploit. This tool *does NOT* exploit the vulnerability; it simply determines whether the machine is vulnerable or not.

Vulnerability Information:
A remote code execution and local elevation of privilege vulnerability exists in the Microsoft Distributed Transaction Coordinator that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system.

Using a null session, an attacker could make an RPC request to the DTC interface on a Microsoft Windows system and potentially execute arbitrary code.

This McAfee Foundstone check detects the absence of the patch by attempting to trigger the vulnerability in a nonintrusive manner over RPC.

Affected systems:

Microsoft Windows 2000 (All Versions)

For more information see:
http://www.microsoft.com/technet/security/bulletin/MS05-051.mspx