From: Tom Love (tlovepretendceo.com)
Date: Thu Aug 16 2001 - 20:54:48 CDT

    Further investigation shows that MS has a tendency to "update" the existing
    patches, and although you think you've applied an old one, you haven't. If
    hfnetchk indicates that an old one hasn't been applied, it in fact appears
    to be indicating that you should download the old patch again, whereupon you
    will discover that it's not so old.

    -----Original Message-----
    From: Eric [mailto:ewstellurian.net]
    Sent: Thursday, August 16, 2001 9:47 PM
    To: Tom Love; focus-mssecurityfocus.com
    Subject: RE: MS patch scanner - how to use it in "real life"?

    If you are running SP2 (I assume Win2K SP2, and not IE 5.x SP2), it only
    scans for patches that are applicable to SP2. FWIW, 00-077 and 00-079 show
    up in the list. While these would appear to be older issues that should
    have been covered in SP2, they either weren't (00-079), or they were
    re-released after SP2 - so they still need to be applied. I'd be
    interested to know what Pre-SP2 patches it's recommending...

    At 05:36 PM 8/16/2001 -0400, Tom Love wrote:
    >Same problems. It recommends old patches that predate SP2, and won't
    >install because SP2 is present
    >
    >-----Original Message-----
    >From: Mattias Nyholm [mailto:mattias.nyholmframfab.se]
    >Sent: Thursday, August 16, 2001 7:49 AM
    >To: 'focus-mssecurityfocus.com'
    >Subject: MS patch scanner - how to use it in "real life"?
    >
    >
    >
    >I've been testing the MS patch scanner, and I have some doubts as to
    >how useful it is "in real life". The thing is that the tool reports
    >on installed and missing hotfixes without considering that several
    >patches are outdated and have been replaced by other patches. This
    >leads to several problems:
    >
    ># Even on a fully patched system the tool will still report that
    > some patches are missing.
    ># The tool cannot be used in a "run once, tell me if something
    > is missing" way to make sure a server is secure.
    ># Since the tool reports on missing hotfixes even though they are
    > replaced by a later patch, one will have to create and maintain a
    > list of current patches and compare the tool's output to that list.
    > To use this on a large scale one must write a separate tool to parse
    > the output and compare it to the list.
    >
    >Has anyone else noticed the same problems, or have I completely
    >misunderstood the tool? I'd be glad if I have! :)
    >
    >-mattias
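
The "separate tool to parse the output and compare it to the list" that Mattias describes, written out as an added example; it is not code from the thread, from Neohapsis, or from Microsoft's hfnetchk. The report text is constructed and only loosely modelled on hfnetchk's "Patch NOT Found" lines; the supersession map, the MS01-EX* bulletin IDs and every Q number are placeholders (only MS00-077 and MS00-079 come from the thread), so the map would have to be maintained from the actual bulletins in a real deployment. The point it demonstrates is the filtering logic: an old bulletin whose replacement is installed is not reported, an old bulletin whose replacement is also missing is reported once, under the replacement's name, and a chain of supersessions is followed with a cycle guard.

```python
import re

# Constructed sample report, loosely modelled on hfnetchk's text output.
# Bulletin IDs other than MS00-077 and MS00-079 and all Q numbers are
# placeholders, not real Microsoft identifiers.
SAMPLE_REPORT = """\
----------------------------
SRV01 (10.0.0.5)
----------------------------

* WINDOWS 2000 SP2

Patch NOT Found  MS00-077  Q0000001
Patch NOT Found  MS00-079  Q0000002
Patch NOT Found  MS01-EX2  Q0000003
Patch NOT Found  MS01-EX3  Q0000004
Patch Found      MS01-EX1  Q0000005
"""

# Locally maintained list (constructed): old bulletin -> bulletin that
# replaces it. This is the "list of current patches" the thread asks for.
SUPERSEDED_BY = {
    "MS00-077": "MS01-EX1",   # pretend MS01-EX1 rolls up MS00-077
    "MS01-EX2": "MS01-EX3",   # pretend MS01-EX3 rolls up MS01-EX2
}

HOST_RE = re.compile(r"^(\S+) \(([\d.]+)\)$")
PATCH_RE = re.compile(r"^Patch (NOT Found|Found)\s+(MS\d{2}-\S+)\s+(Q\S+)")


def parse_report(text):
    """Return {host: {bulletin: installed_bool}} from the scanner text."""
    hosts = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HOST_RE.match(line)
        if m:
            current = m.group(1)
            hosts[current] = {}
            continue
        m = PATCH_RE.match(line)
        if m and current is not None:
            status, bulletin, _qnumber = m.groups()
            hosts[current][bulletin] = (status == "Found")
    return hosts


def resolve_current(bulletin, superseded_by):
    """Follow old -> replacement links to the newest bulletin in the chain."""
    seen = set()
    while bulletin in superseded_by:
        if bulletin in seen:
            raise ValueError(f"supersession cycle at {bulletin}")
        seen.add(bulletin)
        bulletin = superseded_by[bulletin]
    return bulletin


def effective_missing(statuses, superseded_by=SUPERSEDED_BY):
    """Bulletins still needed on a host once supersession is applied.

    A missing bulletin whose replacement is installed is covered and
    dropped; otherwise the newest bulletin in its chain is reported once.
    """
    missing = set()
    for bulletin, installed in statuses.items():
        if installed:
            continue
        current = resolve_current(bulletin, superseded_by)
        if not statuses.get(current, False):
            missing.add(current)
    return sorted(missing)


def summarise(text, superseded_by=SUPERSEDED_BY):
    """Map each host in the report to the bulletins it really lacks."""
    return {host: effective_missing(st, superseded_by)
            for host, st in parse_report(text).items()}


if __name__ == "__main__":
    for host, needed in summarise(SAMPLE_REPORT).items():
        print(host, "still needs:", ", ".join(needed) or "nothing")
```

On the constructed report the raw scanner shows four bulletins as not found, but the filtered result for SRV01 is only MS00-079 and MS01-EX3: MS00-077 is covered by the installed MS01-EX1, and MS01-EX2 collapses into its still-missing replacement MS01-EX3. The supersession map is the part that needs curating each time Microsoft re-releases a patch, which is exactly the behaviour Tom observed.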