Hello, all.
I have scanned our network by using Nessus.
But the result is vulnerable even for the server which MS03-031 patch is applied.
So I have checked smb_nt_ms03-031.nasl and I know that it checks the version of MS-SQL with registry key,
HKLM\Microsoft\MSSQLServer\MSSQLServer\CurrentVersion.
When I checked the key, CSDVersion value was 8.00.760.
It is strange result.
And I checked the SQL version with SQL Query 'select @@version'
But the result was different from the one obtained by registry key.
IMHO, as a result, Nessus determined the server to be vulnerable, since it checks MS-SQL version with only registry key.
So could you please let me know if you have experienced such problem?
Then please give me some advice.
Thank you.
Best Regards,
YH Lee.
I have scanned our network by using Nessus.
But the result is vulnerable even for the server which MS03-031 patch is applied.
So I have checked smb_nt_ms03-031.nasl and I know that it checks the version of MS-SQL with registry key,
HKLM\Microsoft\MSSQLServer\MSSQLServer\CurrentVersion.
When I checked the key, CSDVersion value was 8.00.760.
It is strange result.
And I checked the SQL version with SQL Query 'select @@version'
But the result was different from the one obtained by registry key.
IMHO, as a result, Nessus determined the server to be vulnerable, since it checks MS-SQL version with only registry key.
So could you please let me know if you have experienced such problem?
Then please give me some advice.
Thank you.
Best Regards,
YH Lee.