RE: Patching networks redux

[Byron Copeland <nodialtone () comcast net>]

Alan,

Do you have a specific link to that paragraph noting that.  I've looked
around and didn't catch anything on the MS site saying that.

Thanks,
-b

On Wed, 2003-07-30 at 18:58, Alan Kloster wrote:
> Paul Schmehl wrote:
> > testing has shown that some patch management tools
> > are incorrectly reporting that MS03-026 is installed when it's not
> > (notably Windows Update and Update Expert, among others.)  The accuracy
> > of the tool depends on how they check for the patch level.  If they
> > check the registry (like Windows Update and Update Expert do) they will
> > *incorrectly* report that MS03-026 has been installed when if fact the
> > files have not been updated.  If they do MD5 checksums (like Hfnetchk or
> > MBSA), they will correctly report the patch level.
>
> Reading the notice from Microsoft MS03-026 suggests that nothing below Win2k SP3 or NT SP6a can be patched 
> effectively.  They kind of hid this in one of the extra pull downs on the website.  We are finding that the patch can 
> be applied to systems that don't meet this criteria, but doesn't take, and the Eeye scanner still shows them 
> vulnerable.  Just a heads up for people who haven't applied the service packs, but think they are safe.  Windows 
> update also doesn't show the patch as available for machines at the wrong SP level.
>
> Props to Eeye for helping us all with the scanner tool.
>
> Alan Kloster
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html