I would think a better way of determining if a patch is actually installed on a system is by examining the files on the system rather than to depend upon symptoms (scanners) or installation logs (registry entries).
If the add/remove software control panel, registry, or msi say the machine is patched but the files aren't there, an installation problem occurred.
If the scanners say the machine is not patched but the files are there then either the patch is ineffective in that machine's particular configuration (PATH?) or the scanner is generating a false positive.
-- Gary Flynn Security Engineer - Technical Services James Madison University
Please R.U.N.S.A.F.E. http://www.jmu.edu/computing/runsafe
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
