Bugtraq mailing list archives

RE: Another Low Blow From Microsoft: MBSA Failure!


From: "Drew Copley" <dcopley () eeye com>
Date: Tue, 10 Feb 2004 16:09:25 -0800

BTW, I should note that one user did respond back to my pseudo-challenge
and noted that small businesses like his cannot afford professional
vulnerability assessment solutions. 

I apologize for alienating these users. 

To such users: please start using the free Nessus tool. Use MBSA as a
back-up. Check in-person on any suspicious anomalies.




-----Original Message-----
From: Drew Copley [mailto:dcopley () eeye com] 
Sent: Tuesday, February 10, 2004 11:08 AM
To: dotsecure () hushmail com; full-disclosure () lists netsys com; 
bugtraq () securityfocus com; 
patchmanagement () listserv patchmanagement org
Subject: RE: Another Low Blow From Microsoft: MBSA Failure!

 

-----Original Message-----
From: dotsecure () hushmail com [mailto:dotsecure () hushmail com]
Sent: Tuesday, February 10, 2004 10:21 AM
To: full-disclosure () lists netsys com; bugtraq () securityfocus com; 
patchmanagement () listserv patchmanagement org
Subject: Another Low Blow From Microsoft: MBSA Failure!

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Another Low Blow from Microsoft.

Within the last few weeks at our company we have been doing testing to
find out the total number of patched machines we have against the latest
Messenger Service Vulnerability. After checking a few thousand computers
we have found several hundred were still affected even though the patch
has been applied. We have scanned with Retina, Foundstone and Qualys
tools, which all showed as "VULNERABLE", however when we scanned with
Microsoft Base Security Analyzer it showed as "NOT VULNERABLE". This was
at first confusing; one would think an assessment tool released by the
original vendor would actually be accurate.

<snip>



Had we trusted Microsoft Base Analyzer we would still be vulnerable.

Retina has the same potential functionality as MBSA. We can 
also do registry and file checks. And, sometimes we do. But, 
we try to do remote checks that are non-intrusive and that do 
not use these. A big reason for this is that remote registry 
and file checks are very unreliable.
(Far beyond just the fact that someone could fake out the 
scanner by putting a dummy file or registry entry up there 
intentionally).

I don't know anyone that uses MBSA only for their network. It 
is an interesting toy, but it surely isn't capable of 
replacing a true vulnerability assessment solution.





Questions, comments: email me at dotsecure () hushamail com or
AIM: Evilkind.



<snip>
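The thread's practical lesson is the one dotsecure acted on: run more than one assessment method and treat any disagreement between tools as a host to inspect by hand, because a check that only looks for a hotfix marker (registry key or file presence) reports "patched" whenever the marker exists, whether or not the vulnerable binary was actually replaced. The script below is an added illustration written for this archive page, not code from eEye, Microsoft or either poster. It models two check styles on constructed host data and reconciles the verdicts of several simulated scanners; every host name, build number, scanner name and the MIN_FIXED_BUILD threshold is an invented placeholder, not a real value from any Microsoft fix.

```python
"""Cross-check scanner verdicts and show why a presence-only check
(registry key / file exists) can call a host patched when the vulnerable
binary is still in place.  All hosts, build numbers and scanner names are
constructed sample data, not real scan output."""

from collections import defaultdict

# Constructed per-host facts a scanner could observe.  'hotfix_key' models a
# registry entry written by a patch installer; 'svc_build' models the build
# number of the service binary actually on disk.  MIN_FIXED_BUILD is an
# assumed placeholder, not the real build of any Microsoft fix.
MIN_FIXED_BUILD = 6500
HOSTS = {
    "ws-001": {"hotfix_key": True,  "svc_build": 6500},  # patched properly
    "ws-002": {"hotfix_key": False, "svc_build": 6100},  # never patched
    "ws-003": {"hotfix_key": True,  "svc_build": 6100},  # key present, old binary
    "ws-004": {"hotfix_key": False, "svc_build": 6500},  # patched, marker missing
}


def presence_check(host):
    """Registry/file-presence style check: trusts the hotfix marker alone."""
    return "NOT VULNERABLE" if HOSTS[host]["hotfix_key"] else "VULNERABLE"


def version_check(host):
    """Checks the build of the binary that actually answers on the wire."""
    fixed = HOSTS[host]["svc_build"] >= MIN_FIXED_BUILD
    return "NOT VULNERABLE" if fixed else "VULNERABLE"


def run_scanners():
    """Model the situation in the thread: three scanners use the version
    check, a fourth ('mbsa-style', a label chosen here) trusts the marker."""
    verdicts = defaultdict(dict)
    for host in HOSTS:
        for scanner in ("scanner-a", "scanner-b", "scanner-c"):
            verdicts[scanner][host] = version_check(host)
        verdicts["mbsa-style"][host] = presence_check(host)
    return dict(verdicts)


def reconcile(verdicts):
    """Return {host: {scanner: verdict}} for hosts where scanners disagree.
    Any disagreement is a host to inspect by hand, not to trust either way."""
    by_host = defaultdict(dict)
    for scanner, results in verdicts.items():
        for host, verdict in results.items():
            by_host[host][scanner] = verdict
    return {h: dict(v) for h, v in by_host.items() if len(set(v.values())) > 1}


def hosts_to_inspect(verdicts):
    """Sorted hosts flagged VULNERABLE by at least one scanner: the safe
    policy is to follow the most pessimistic tool until a human confirms."""
    flagged = {h for res in verdicts.values()
               for h, v in res.items() if v == "VULNERABLE"}
    return sorted(flagged)


if __name__ == "__main__":
    v = run_scanners()
    for host, views in sorted(reconcile(v).items()):
        print(host, views)
    print("inspect:", hosts_to_inspect(v))
```

Host ws-003 is the case from the thread: the marker says patched, the binary says otherwise, and only comparing tools exposes it. Host ws-004 shows the opposite error, a presence check crying wolf on a machine whose binary is fine; both kinds of disagreement end up on the inspection list.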



