RE: MS updates question

[<tlarholm () pivx com>]

Windows Update and MBSA (can) use different criterias for detecting
whether a patch is installed or not, with MBSA being the most reliable
of the two.

Microsoft are still working on Microsoft Update which should cover all
Microsoft products, as opposed to having a Windows Update, Office Update
and the rest covered by SUS/MBSA.


Regards

Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
http://www.pivx.com
thor () pivx com
Phone: +1 (949) 231-8496
PGP: 0x5A276569
6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569

PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
Qwik-Fix
<http://www.qwik-fix.net> 

-----Original Message-----
From: jschmidt () buhler com [mailto:jschmidt () buhler com] 
Sent: Wednesday, February 04, 2004 11:44 AM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] MS updates question


Please be kind as I am no security expert, I just have a question.  Are 
there security updates for windows xp that aren't posted on the windows 
update site?  When I go to windowsupdate.microsoft.com, of all
categories, 
I'm missing only 2 recommended updates (journal viewer, and windows 
messenger update).  however, when I run MS baseline Security Analyzer
ver 
1.2, it tells me I have 5 security updates that are out of date or could

not be confirmed: MS02-050, MS02-054, MS02-072, MS03-030, MS03-051.
These 
I will manually update, but why the discrepancy?

-jamie-

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html