Bugtraq: RE: Another Low Blow From Microsoft: MBSA Failure!

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

RE: Another Low Blow From Microsoft: MBSA Failure!

From: "Drew Copley" <dcopley () eeye com>
Date: Tue, 10 Feb 2004 16:09:25 -0800

BTW, I should note that one user did respond back to my pseudo-challenge
and noted that small businesses like his can not afford professional
vulnerability assessment solutions. 

I apologize for alienating these users. 

To such users: please start using the free Nessus tool. Use MBSA as a
back-up. Check in-person on any suspicious anomalies.

-----Original Message-----
From: Drew Copley [mailto:dcopley () eeye com] 
Sent: Tuesday, February 10, 2004 11:08 AM
To: dotsecure () hushmail com; full-disclosure () lists netsys com; 
bugtraq () securityfocus com; 
patchmanagement () listserv patchmanagement org
Subject: RE: Another Low Blow From Microsoft: MBSA Failure!

-----Original Message-----
From: dotsecure () hushmail com [mailto:dotsecure () hushmail com]
Sent: Tuesday, February 10, 2004 10:21 AM
To: full-disclosure () lists netsys com; bugtraq () securityfocus com; 
patchmanagement () listserv patchmanagement org
Subject: Another Low Blow From Microsoft: MBSA Failure!

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Another Low Blow from Microsoft.

Within the last few weeks at our company we have been doing

testing to

find out total number of patched machines we have against

the latest

Messenger Service Vulnerability. After checking few

thousand computers

we have found several hundred were still affected even though patch 
has been applied. We have scanned with Retina, Foundstone

and Qualys

tools which they all showed as "VULNERABLE", however when

we scanned

with Microsoft Base Security Analyzer it showed as "NOT

VULNERABLE".

This was at first confusing; one would think an assessment tool 
released by the original vendor would actually be accurate


<snip>


Had we trusted Microsoft Base Analyzer we would still be vulnerable.


Retina has the same potential functionality as MBSA. We can 
also do registry and file checks. And, sometimes we do. But, 
we try to do remote checks that are non-intrusive and that do 
not use these. A big reason for this is that remote registry 
and file checks are very unreliable.
(Far beyond just the fact that someone could fake out the 
scanner by putting a dummy file or registry entry up there 
intentionally).

I don't know anyone that uses MBSA only for their network. It 
is an interesting toy, but it surely isn't capable of 
replacing a true vulnerability assessment solution.

Questions comments email me at dotsecure () hushamail com or
Aim: Evilkind.


<snip>

By Date By Thread

Current thread:

Re: [Full-Disclosure] Another Low Blow From Microsoft: MBSA Failure!, (continued)
- Re: [Full-Disclosure] Another Low Blow From Microsoft: MBSA Failure! morning_wood (Feb 11)
  - Re: [Full-Disclosure] Another Low Blow From Microsoft: MBSA Failure! Valdis . Kletnieks (Feb 11)
- RE: Another Low Blow From Microsoft: MBSA Failure! Drew Copley (Feb 10)
- RE: Another Low Blow From Microsoft: MBSA Failure! Joe DeMarco (Feb 10)
  - RE: Another Low Blow From Microsoft: MBSA Failure! Frank Knobbe (Feb 11)
- RE: Another Low Blow From Microsoft: MBSA Failure! Drew Copley (Feb 11)
- RE: Another Low Blow From Microsoft: MBSA Failure! Drew Copley (Feb 11)
- RE: Another Low Blow From Microsoft: MBSA Failure! Eric McCarty (Feb 11)