|
Bugtraq
mailing list archives
RE: Another Low Blow From Microsoft: MBSA Failure!
From: "Drew Copley" <dcopley () eeye com>
Date: Tue, 10 Feb 2004 11:07:56 -0800
-----Original Message-----
From: dotsecure () hushmail com [mailto:dotsecure () hushmail com]
Sent: Tuesday, February 10, 2004 10:21 AM
To: full-disclosure () lists netsys com;
bugtraq () securityfocus com;
patchmanagement () listserv patchmanagement org
Subject: Another Low Blow From Microsoft: MBSA Failure!
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Another Low Blow from Microsoft.
Within the last few weeks at our company we have been doing
testing to find out total number of patched machines we have
against the latest Messenger Service Vulnerability. After
checking few thousand computers we have found several hundred
were still affected even though patch has been applied. We
have scanned with Retina, Foundstone and Qualys tools which
they all showed as "VULNERABLE", however when we scanned with
Microsoft Base Security Analyzer it showed as "NOT
VULNERABLE". This was at first confusing; one would think an
assessment tool released by the original vendor would
actually be accurate
<snip>
Had we trusted Microsoft Base Analyzer we would still be vulnerable.
Retina has the same potential functionality as MBSA. We can also do
registry and file checks. And, sometimes we do. But, we try to do remote
checks that are non-intrusive and that do not use these. A big reason
for this is that remote registry and file checks are very unreliable.
(Far beyond just the fact that someone could fake out the scanner by
putting a dummy file or registry entry up there intentionally).
I don't know anyone that uses MBSA only for their network. It is an
interesting toy, but it surely isn't capable of replacing a true
vulnerability assessment solution.
Questions comments email me at dotsecure () hushamail com or
Aim: Evilkind.
<snip>
 By Date 
By Thread
Current thread:
| 
Intro
