Date: Mon Jul 29 2002 - 15:54:04 CDT
Yes. I made some noise about this in April to no avail. Check the file list
in the patch against the actual files on your system and you will most
likely find that HFNetchk is correct in its reporting and at least one
file you have on the system is actually older than what the patch installs.
You may also want to run hfnetchk with -v -z -b. This will give you a
verbose response and count only on the actual file signatures, not the
registry entries for what is supposed to have been patched.
You can access my write-up from April on our web site under security
services. MS has never come back with any explanation.
Here's the nasty no good procedure I have been using for new machines:
1. Service packing and applying the latest hotfix rollup
2. After that, Windows Update has been doing an admirable job in the last
   month of finishing the patching
3. Scan with hfnetchk or MBSA after WU for anything missing and add it
4. Finally do a scan to verify that you have them all. If you do, don't
   relax, there will be a new one tomorrow :-)
JOHN MCGUIRE CISSP, MCSE2k, MCSE+I, MCT
Jared
To: focus-mssecurityfocus.com
Subject: hfnetchk reporting
Several systems folks here have run into the issue of hfnetchk reporting
"Patch NOT Found" after applying the appropriate patches and rebooting.
seem to be consistent of both NT and 2000 (though I haven't replicated this
issue myself). Anyone run into this issue with hfnetchk.exe?
Here's one particular patch on an NT 4.0 sp6a server:
Patch NOT Found MS02-006 Q314147
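
The file-versus-registry point from the reply above, as an added example that is not part of the original thread and is not hfnetchk's own code or data format. The file names, version numbers and the `check_patch` helper are constructed for illustration; only the bulletin and Q numbers come from the post.

```python
# Added illustration with constructed data; not hfnetchk's logic or file format.
from dataclasses import dataclass


def parse_version(text):
    """Turn a dotted file version such as '4.0.1381.7100' into a comparable tuple."""
    return tuple(int(part) for part in text.split("."))


@dataclass
class PatchManifest:
    bulletin: str
    registry_key: str  # marker the installer is assumed to write
    files: dict        # file name -> version the patch installs


def check_patch(manifest, registry_keys, installed_files, use_registry=True):
    """Return (status, problems) for one patch on one host.

    installed_files maps file name -> version string found on disk.
    With use_registry=False only the file versions count, so a stale
    file is reported even though the registry marker is present.
    """
    problems = []
    if use_registry and manifest.registry_key not in registry_keys:
        problems.append(f"registry key {manifest.registry_key} missing")
    for name, required in manifest.files.items():
        found = installed_files.get(name)
        if found is None:
            problems.append(f"{name}: file missing")
        elif parse_version(found) < parse_version(required):
            problems.append(f"{name}: {found} is older than {required}")
    return ("Patch NOT Found" if problems else "Patch Found", problems)


# Constructed sample: the hotfix marker exists, but one file on disk is
# older than the version listed for the patch (placeholder names/versions).
MANIFEST = PatchManifest("MS02-006", "Q314147",
                         {"component_a.exe": "4.0.1381.7100",
                          "component_b.dll": "4.0.1381.7100"})
REGISTRY = {"Q314147"}
ON_DISK = {"component_a.exe": "4.0.1381.7100", "component_b.dll": "4.0.1381.986"}

if __name__ == "__main__":
    status, problems = check_patch(MANIFEST, REGISTRY, ON_DISK, use_registry=False)
    print(status, MANIFEST.bulletin, MANIFEST.registry_key)
    for line in problems:
        print("   " + line)
```

Versions are compared numerically field by field; a plain string comparison would rank `986` above `7100` and hide the stale file.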