For all those experts who have mastered patching your networks, please ignore this post.
For the rest of you, testing has shown that some patch management tools are incorrectly reporting that MS03-026 is installed when it's not (notably Windows Update and Update Expert, among others.) The accuracy of the tool depends on how they check for the patch level. If they check the registry (like Windows Update and Update Expert do) they will *incorrectly* report that MS03-026 has been installed when if fact the files have not been updated. If they do MD5 checksums (like Hfnetchk or MBSA), they will correctly report the patch level. The Retina tool from eEye (and I would assume the IIS commandline tool as well) is correctly reporting what *is* patched and what is *not* patched, so you need to rely on those to give you accurate information. You could actually have users going to Windows Update and finding no patches available when in fact they are still vulnerable. You could also have users for whom you've pushed out the patch who have overwritten the files with older versions, yet your tools are reporting them as patched. Of course the experts never have these problems, but for the mere mortals, caveat emptor. Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
