----- Original Message ----- From: "Mays Jeff" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: "Michael Scheidell" <[EMAIL PROTECTED]> Sent: Thursday, May 09, 2002 3:40 PM Subject: RE: Problem with MS02-008 and MS02-009 plugins
> Ok. As you have seen in recent messages, I'm having a rough time validating > the existence (or lack thereof) of the hotfixes for MS02-008 and 009. Nessus > continues to insist that they are not there. In a previous cases that was > correct. We did some further investigation and determined that some of the > other post sp2 hotfixes were applied in the wrong order. Once we got that > straightened out, a new scan was run. Nessus still complains that the > patches aren't there. Hfnetchk says they are, and we can verify the > existence of the appropriate registry key and files. > > It appears that the plugin for MS02-008 may only be checking for Q318203 > (patches xml versions 3.x) and not looking for Q318202 or Q317244 (versions > 2.x, 4.x). > > http://support.microsoft.com/default.aspx?scid=kb;en-us;Q318203&SD=MSKB&; > > The above link basically says something altogether different than the > original advisory and appears to contradict. Typical Microsoft I suppose... > either that or I've missed something altogether. > well, its hard enough to keep up with microsoft daily security notices, letalone when they fix they fix by fixing the fix of their fix. Next time you see software that says 'Windows NT or better", fdisk the thing and install linux or freebsd. Oh, well, when we get some time we will look at it. If there are three different patches for three different xml versions, thne nessus will NOT be able to determie the correct patch for it until the new netbios calls are written (will need to check file dates/times on the remote computer as well as registry entries) Any one got an idea on how to tell (remotely, through registry settings, using a STANDARD USER account, not admin privledges what version needs patches?) Michael Scheidell SECNAP Network Security, LLC (561) 368-9561 [EMAIL PROTECTED] http://www.secnap.net
