Network Security: Detailed info on RE: Office Patch false postives?

Subject:	RE: Office Patch false postives?
Date:	Fri, 8 Sep 2006 08:32:53 -0400

 Most of the MS bulletins list the files to be updated and the new version
and date stamp info.  Without an already existing tool, I would either have
SA's manually check some of these systems, or see if something can be
scripted to do it.

-----Original Message-----
From: nessus-bounces@list.nessus.org [mailto:nessus-bounces@list.nessus.org]
On Behalf Of net sec
Sent: Thursday, September 07, 2006 10:39 PM
To: nessus@list.nessus.org
Subject: RE: Office Patch false postives?

I agree that this could very well be the case.  Unfortunately, I don't have
a 3rd party tool for verification such as Patchlink.  Can you offer/suggest
resources that would help me to determine which files and versions are
needed for the manual verification you mentioned?  I will admit my ignorance
when it comes to NASL but my first glance at the source code for PID 22033
didn't help me - I thought it would.

Thanks for your help!!

----Original Message Follows----
From: "Carlton A. Foster" <c.a.foster@larc.nasa.gov>
To: <nessus@list.nessus.org>
Subject: RE: Office Patch false postives?
Date: Thu, 7 Sep 2006 14:56:41 -0400

You need to verify some of the files to make sure they really updated.  We
have had a lot of problems since late 2003 with MS patches not updating all
the files they should.  As a result, they scan vulnerable, though MS tools
say they are patched.

MS tools check the registry to see if you ran the patch.  They don't check
the files to make sure they were updated.  We've proven this many times by
comparing scan results to our PatchLink databases.  PL also checks the files
themselves.

-----Original Message-----
From: nessus-bounces@list.nessus.org [mailto:nessus-bounces@list.nessus.org]
On Behalf Of net sec
Sent: Thursday, September 07, 2006 2:13 PM
To: nessus@list.nessus.org
Subject: Office Patch false postives?

Nessus is reporting MANY of our workstations as missing MS06-039 in addition
to some MS03-039 although both MBSA and SMS report that these workstations
are patched.  In addition, when attempting to update via Microsoft Updates -
no patches needed.  I don't want to dismiss as a false positive without
getting some feedback from others who may have also seen this.
FYI - both of these patches are related to MSOffice.

Thanks for any feedback -

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

<Prev in Thread]	Current Thread	[Next in Thread>
Office Patch false postives?, net sec RE: Office Patch false postives?, Carlton A. Foster RE: Office Patch false postives?, net sec not getting auto download plugins, ablesambaker Re: not getting auto download plugins, George A. Theall RE: Office Patch false postives?, Carlton A. Foster <=

Previous by Date:	Re: Nessus Error, Ian Marks
Next by Date:	Reporting, Corne Kotze
Previous by Thread:	Re: not getting auto download plugins, George A. Theall
Next by Thread:	Nessus Error, Ian Marks
Indexes:	[Date] [Thread] [Top] [All Lists]