Free Scanner Probes PCs For Critical Windows Bug

"We have released a free vulnerability assessment tool for the critical, and potentially wormable, MS06-040 vulnerability," wrote Marc Maiffret, eEye's chief hacking officer, in an e-mail. "[It] does not require administrator access to machines, so it will give IT administrators a real-world perspective on where their network stands against this attack regardless of what they think they have or have not patched," Maiffret added.

The Retina MS06-040 NetApi32 Scanner is available in two versions: one that scans up to 16 systems simultaneously, another that handles up to 256 PCs. Both downloads require an e-mail address.

Microsoft has urged Windows users to patch the vulnerability detailed in security bulletin MS06-040 first, before addressing others in the Tuesday batch; meanwhile, most security analysts have pegged the Windows Server service bug as the worst of the 23 disclosed this week.

"The sooner that vulnerable machines are identified and patched, the smaller the possibility will be of a successful Internet worm attack," said Maiffret.

Retina MS06-040 NetApi32 Scanner can be downloaded from the eEye site.

The Windows 2000, XP, and Server 2003 patches for the Server flaw can be obtained via Microsoft and Windows Update services, or directly from this Microsoft site.