Full Disclosure mailing list archives
Patching networks redux
From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Wed, 30 Jul 2003 17:09:14 -0500
For all those experts who have mastered patching your networks, please ignore this post. For the rest of you, testing has shown that some patch management tools are incorrectly reporting that MS03-026 is installed when it's not (notably Windows Update and Update Expert, among others.) The accuracy of the tool depends on how they check for the patch level. If they check the registry (like Windows Update and Update Expert do) they will *incorrectly* report that MS03-026 has been installed when if fact the files have not been updated. If they do MD5 checksums (like Hfnetchk or MBSA), they will correctly report the patch level. The Retina tool from eEye (and I would assume the IIS commandline tool as well) is correctly reporting what *is* patched and what is *not* patched, so you need to rely on those to give you accurate information. You could actually have users going to Windows Update and finding no patches available when in fact they are still vulnerable. You could also have users for whom you've pushed out the patch who have overwritten the files with older versions, yet your tools are reporting them as patched. Of course the experts never have these problems, but for the mere mortals, caveat emptor. Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Patching networks redux Schmehl, Paul L (Jul 30)
- Re: Patching networks redux Jason (Jul 31)
- <Possible follow-ups>
- RE: Patching networks redux Alan Kloster (Jul 30)
- RE: Patching networks redux Byron Copeland (Jul 31)
- RE: Patching networks redux Nick FitzGerald (Jul 31)
- RE: Patching networks redux Byron Copeland (Jul 31)
- RE: Patching networks redux Schmehl, Paul L (Jul 31)
- RE: Patching networks redux John . Airey (Jul 31)
- RE: Patching networks redux Nick FitzGerald (Jul 31)