Bugtraq mailing list archives
Re: Microsoft KB# to Advisory name mapping
From: "Michael C. Bazarewsky" <BazarewskyM () SOFTWARE-ANSWERS COM>
Date: Fri, 23 Mar 2001 12:12:22 -0500
All, The Microsoft Hot-Fix Checker: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24168 uses the file: http://www.microsoft.com/technet/security/search/bulletins.xml to tell it the mappings between Knowledge Base numbers, names, and advisory numbers. I suspect that making a modified version of the Hot-Fix Checker (which will report the current installed fixes (and not just the ones that are missing) for all products (and not just IIS 5.0) would not be difficult. -- Mike Bazarewsky -----Original Message----- From: Desmond Irvine [mailto:desmond.irvine () SHERIDANC ON CA] Sent: Thursday, March 22, 2001 2:18 PM To: BUGTRAQ () SECURITYFOCUS COM Subject: Microsoft KB# to Advisory name mapping Does anyone know where I could find a table that would map the Microsoft KB#'s that the hotfixes are associated with to the Advisory name (MS##-###)? I know XATO has a page something like what I want, but it doesn't seem to be complete or up to date: http://www.xato.net/advisories/beta/win2k.htm When looking at an NT server to determine what hotfixes have been applied you can run "hotfix -l" to get a dialog box with the KB#'s in it (Q147222, Q238606, etc.) You can also scan the registry in \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix to get a similar listing some of which will have comments and fix description keys that may or may not be useful in identifying the advisories they are associated with. What I ideally want to get is something like: MS00-086 - web server file request parsing vulnerabilty - Q277873 ... On a machine with unknown patches applied it can be a real pain to go from the KB#'s to the MS Advisories. Thanks, Desmond.
Current thread:
- Microsoft KB# to Advisory name mapping Desmond Irvine (Mar 23)
- <Possible follow-ups>
- Re: Microsoft KB# to Advisory name mapping Mark Maher (Mar 23)
- Re: Microsoft KB# to Advisory name mapping Michael C. Bazarewsky (Mar 25)