Full Disclosure mailing list archives
RE: Another Low Blow From Microsoft: MBSA Failure!
From: "Drew Copley" <dcopley () eeye com>
Date: Tue, 10 Feb 2004 11:07:56 -0800
-----Original Message----- From: dotsecure () hushmail com [mailto:dotsecure () hushmail com] Sent: Tuesday, February 10, 2004 10:21 AM To: full-disclosure () lists netsys com; bugtraq () securityfocus com; patchmanagement () listserv patchmanagement org Subject: Another Low Blow From Microsoft: MBSA Failure! -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Another Low Blow from Microsoft. Within the last few weeks at our company we have been doing testing to find out total number of patched machines we have against the latest Messenger Service Vulnerability. After checking few thousand computers we have found several hundred were still affected even though patch has been applied. We have scanned with Retina, Foundstone and Qualys tools which they all showed as "VULNERABLE", however when we scanned with Microsoft Base Security Analyzer it showed as "NOT VULNERABLE". This was at first confusing; one would think an assessment tool released by the original vendor would actually be accurate
<snip>
Had we trusted Microsoft Base Analyzer we would still be vulnerable.
Retina has the same potential functionality as MBSA. We can also do registry and file checks. And, sometimes we do. But, we try to do remote checks that are non-intrusive and that do not use these. A big reason for this is that remote registry and file checks are very unreliable. (Far beyond just the fact that someone could fake out the scanner by putting a dummy file or registry entry up there intentionally). I don't know anyone that uses MBSA only for their network. It is an interesting toy, but it surely isn't capable of replacing a true vulnerability assessment solution.
Questions comments email me at dotsecure () hushamail com or Aim: Evilkind.
<snip> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Another Low Blow From Microsoft: MBSA Failure! Drew Copley (Feb 10)
- <Possible follow-ups>
- RE: Another Low Blow From Microsoft: MBSA Failure! Eric McCarty (Feb 10)
- RE: Another Low Blow From Microsoft: MBSA Failure! Drew Copley (Feb 10)
- Re: Another Low Blow From Microsoft: MBSA Failure! kevin hinze (Feb 11)
- Another Low Blow From Microsoft: MBSA Failure! dotsecure (Feb 10)
- Re: Another Low Blow From Microsoft: MBSA Failure! Byron Copeland (Feb 10)
- Re: Another Low Blow From Microsoft: MBSA Failure! morning_wood (Feb 10)
- Re: Another Low Blow From Microsoft: MBSA Failure! Valdis . Kletnieks (Feb 11)
- Re: Another Low Blow From Microsoft: MBSA Failure! Kenneth R. van Wyk (Feb 11)
- Re: Another Low Blow From Microsoft: MBSA Failure! morning_wood (Feb 11)
- RE: Another Low Blow From Microsoft: MBSA Failure! Evans, Arian (Feb 12)