You need to verify some of the files to make sure they really updated. We have had a lot of problems since late 2003 with MS patches not updating all the files they should. As a result, they scan vulnerable, though MS tools say they are patched.
MS tools check the registry to see if you ran the patch. They don't check the files to make sure they were updated. We've proven this many times by comparing scan results to our PatchLink databases. PL also checks the files themselves. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of net sec Sent: Thursday, September 07, 2006 2:13 PM To: [email protected] Subject: Office Patch false postives? Nessus is reporting MANY of our workstations as missing MS06-039 in addition to some MS03-039 although both MBSA and SMS report that these workstations are patched. In addition, when attempting to update via Microsoft Updates - no patches needed. I don't want to dismiss as a false positive without getting some feedback from others who may have also seen this. FYI - both of these patches are related to MSOffice. Thanks for any feedback - _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
