Full Disclosure mailing list archives

RE: OT but related.


From: "Parker, Jeff (MSE)" <jeff.t.parker () hp com>
Date: Wed, 30 Jul 2003 22:28:11 -0400

Yes, I've signed on to this list only 2 days ago and have noticed the
very same cross-posting.

Case in point:
My group uses Update Expert - I noticed, determined and documented how &
why it fails to successfully roll up Win2K SP4 and MS03-026.
I sent this information to Russ (NTBugtraq's editor & moderator) and he
posted it.
Crazy enough, this info shows up a few hours later from Paul Schmehl's
as his posting "Patching Networks redux."
Wording is pretty much identical.

Let me be the first to cite Russ's actual (original) posting:

***********************
FYI, it is worth reminding people that some patch checking tools don't
do a complete check. Windows Update doesn't check files, and it would
seem that other products have problems also.

Some tools only check for the presence of a registry key indicating that
a hotfix was applied. Other tools, such as Shavlik's HFNetchk and MBSA
(and others) actually check file details, including a checksum, to
verify that the files in play are actually the right versions.

I was speaking with Jeff.t.Parker @ hp.com about this issue. His
observations confirm this (see below). If patched files are reverted to
previous versions, for whatever reason, Windows Update and (at least in
this case) Update Expert (and possibly other such tools) will
incorrectly assert you have the patch applied when in fact you don't.

He wrote in to advise that Update Expert (v6.0 build 6069) is giving
erroneous results at least in some cases. After applying SP4
concurrently with MS03-026 (using Update Expert), Jeff noticed some
interesting results. The resulting versions of the files contained in
MS03-026 on some machines were:

5.0.2195.6692        ole32.dll
5.0.2195.6701        rpcrt4.dll
5.0.2195.6702        rpcss.dll

This led to Windows Update and Update Expert both reporting that the
systems had MS03-026 applied (wrong). MBSA and eEye's Retina both said
the systems *did not* have MS03-026 applied (right).

While this may be a problem with the way Update Expert deploys Service
Pack + Hotfix combinations, it also demonstrates the problem Windows
Update has by not being able to examine file details (relying only on
registry entries).

How many systems are out there now who believe they have MS03-026
applied, can't get it offered to them from Windows Update, but in fact
don't have it applied at all??

***********************

-Jeff @ HP
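The difference Russ describes between the two kinds of tools is easy to show in code. The following is an added example, not code from the thread or from any of the products named in it: a registry-only check that reports "patched" because the hotfix marker exists, beside a file-aware check that compares each file's version against the minimum the patch should leave in place and, where a known-good digest is available, its checksum as well. The three observed versions are the ones quoted in Russ's post; the registry key name, the minimum versions, the digests and the file contents are constructed placeholders, not the real MS03-026 values, which the thread does not give.

```python
import hashlib
from typing import Dict, Iterable, List, Tuple

# --- constructed sample data for one host (added example, not from the thread) ---

# File versions Jeff observed on the affected machines (quoted in Russ's post).
# The byte contents are constructed stand-ins so the checksum path runs offline.
OBSERVED_FILES: Dict[str, Tuple[str, bytes]] = {
    "ole32.dll":  ("5.0.2195.6692", b"constructed ole32 bytes"),
    "rpcrt4.dll": ("5.0.2195.6701", b"constructed rpcrt4 bytes"),
    "rpcss.dll":  ("5.0.2195.6702", b"constructed rpcss bytes"),
}

# The hotfix's registry marker is present even though the files were reverted.
# The key name is a placeholder; the thread does not give the real one.
HOTFIX_REGISTRY_KEY = r"SOFTWARE\Microsoft\Updates\PLACEHOLDER-MS03-026"
OBSERVED_REGISTRY_KEYS = {HOTFIX_REGISTRY_KEY}

# HYPOTHETICAL minimum versions and known-good digests a file-aware tool would
# carry for the patch. Placeholders only, not the real MS03-026 values.
EXPECTED: Dict[str, Tuple[str, str]] = {
    "ole32.dll":  ("5.0.2195.6700", hashlib.sha256(b"patched ole32 bytes").hexdigest()),
    "rpcrt4.dll": ("5.0.2195.6710", hashlib.sha256(b"patched rpcrt4 bytes").hexdigest()),
    "rpcss.dll":  ("5.0.2195.6710", hashlib.sha256(b"patched rpcss bytes").hexdigest()),
}


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '5.0.2195.6692' into a tuple that compares numerically, not as text."""
    return tuple(int(part) for part in v.split("."))


def registry_only_check(present_keys: Iterable[str], marker: str) -> bool:
    """What a registry-only tool does: 'patched' iff the hotfix key exists."""
    return marker in set(present_keys)


def file_check(files: Dict[str, Tuple[str, bytes]],
               expected: Dict[str, Tuple[str, str]]) -> List[str]:
    """Return findings for every expected file that is missing, older than the
    patch's minimum version, or (version aside) not the known-good binary.
    An empty list means the files on disk really are the patched ones."""
    findings: List[str] = []
    for name, (min_version, good_digest) in expected.items():
        if name not in files:
            findings.append(f"{name}: missing")
            continue
        version, content = files[name]
        if parse_version(version) < parse_version(min_version):
            findings.append(f"{name}: {version} is older than required {min_version}")
            continue
        if good_digest and hashlib.sha256(content).hexdigest() != good_digest:
            findings.append(f"{name}: version ok but checksum differs from known-good build")
    return findings


def assess(files, registry_keys, expected, marker) -> Dict[str, object]:
    """Run both checks side by side so the disagreement is visible."""
    findings = file_check(files, expected)
    return {
        "registry_says_patched": registry_only_check(registry_keys, marker),
        "files_say_patched": not findings,
        "findings": findings,
    }


if __name__ == "__main__":
    result = assess(OBSERVED_FILES, OBSERVED_REGISTRY_KEYS, EXPECTED, HOTFIX_REGISTRY_KEY)
    for key, value in result.items():
        print(f"{key}: {value}")
```

On the constructed host the registry check answers "patched" while the file check lists all three files as older than required, which is exactly the split Russ reports between Windows Update and Update Expert on one side and MBSA and Retina on the other. The checksum branch covers the case the version number alone misses: a file at the right version that is not the vendor's build.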


-----Original Message-----
From: John.Airey () rnib org uk [mailto:John.Airey () rnib org uk] 
Sent: Wednesday, July 30, 2003 4:35 AM
To: full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] OT but related.


Your questions are intriguing. Anyone who answers the first yes can't answer any of the others.

I subscribed to bugtraq before this list was created. Then it was bought up and posts started getting dropped. My own posts were dropped without reason (in some cases they cleared up FUD, which is therefore clearly not a priority for the new owner).

I've observed recently that some of the posts that make it to this list are appearing on bugtraq too. So I'm having to delete the same rubbish twice in some cases.

What I'm finding annoying though is that somehow there is cross-posting between the lists, such that I receive at least six copies of every Red Hat security notice, when I should only receive two.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848
John.Airey () rnib org uk 

The trouble with post-modernism isn't just that no-one actually believes in it, but no-one can believe in it.


-----Original Message-----
From: Darren Reed [mailto:avalon () caligula anu edu au]
Sent: 29 July 2003 18:34
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] OT but related.



I'm curious to know, does anyone subscribe to full-disclosure BUT NOT bugtraq? Is there any material that currently appears on bugtraq that never appears on full-disclosure? Is there anything that owners of full-disclosure could do to bridge that gap, if it exists?

My personal current evaluation of the two lists is tending towards bugtraq being irrelevant these days, as it becomes more of a vendor-announce list (especially for Linux) than a useful forum to participate in.

Cheers,
Darren
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



