Full Disclosure mailing list archives

RE: Another Low Blow From Microsoft: MBSA Failure!


From: "Drew Copley" <dcopley () eeye com>
Date: Tue, 10 Feb 2004 11:07:56 -0800

 

-----Original Message-----
From: dotsecure () hushmail com [mailto:dotsecure () hushmail com] 
Sent: Tuesday, February 10, 2004 10:21 AM
To: full-disclosure () lists netsys com; 
bugtraq () securityfocus com; 
patchmanagement () listserv patchmanagement org
Subject: Another Low Blow From Microsoft: MBSA Failure!

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Another Low Blow from Microsoft.

Within the last few weeks at our company we have been doing 
testing to find out the total number of patched machines we have 
against the latest Messenger Service Vulnerability. After 
checking a few thousand computers we have found several hundred 
were still affected even though the patch has been applied. We 
have scanned with Retina, Foundstone and Qualys tools, which 
all showed as "VULNERABLE"; however, when we scanned with 
Microsoft Base Security Analyzer it showed as "NOT 
VULNERABLE". This was at first confusing; one would think an 
assessment tool released by the original vendor would 
actually be accurate

<snip>



Had we trusted Microsoft Base Analyzer we would still be vulnerable.

Retina has the same potential functionality as MBSA. We can also do
registry and file checks. And, sometimes we do. But, we try to do remote
checks that are non-intrusive and that do not use these. A big reason
for this is that remote registry and file checks are very unreliable.
(Far beyond just the fact that someone could fake out the scanner by
putting a dummy file or registry entry up there intentionally).

I don't know anyone that uses MBSA only for their network. It is an
interesting toy, but it surely isn't capable of replacing a true
vulnerability assessment solution.





Questions, comments: email me at dotsecure () hushamail com or 
Aim: Evilkind.



<snip>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

