Hi Renaud,
Thanks for the info.
I have a quick query for you! What was basic idea to rely on registry
entries to check for the hotfix installation?
As you said, nowadays it is cumbersome to rely on registries to
confirm patch installation. Does checking dll file versions will be a
better method to overcome this issue?
On Nov 2, 2007 8:10 PM, Renaud Deraison <deraison@nessus.org> wrote:
On Nov 2, 2007, at 10:37 AM, Pavithra H wrote:
John,
You right! According smb_hotfixes.nasl you have grabbed all hotfix
related registry keys. But even this plugin doesn't list Hotfixes on
Vista since there are no Vista specific registry keys to list
Hotfixes. Usually to my understanding, they look for affected dlll
fileversion instead of checking hotfixes.
I have no idea about how do Nessus makes use of WMI interface to check
the status of Hotfix.
When testing Vista, we do not use WMI to list the hotfixes, but we
indeed look at the version of the DLLs.
We also do that for every other system and fall back to checking the
registry if the provided credentials are not sufficient to read files
in C$. In the long term, we might end up dropping support the
registry approach entirely, as it seems that some patch management
systems do not bother updating it either, thus causing false positives.
This is why you really want to give Nessus admin credentials when
doing audits.
-- Renaud
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
--
Thanks,
Pavithra.H
Research Analyst, Thirdbrigade Labs
Bangalore
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
