Most of the MS bulletins list the files to be updated and the new version and date stamp info. Without an already existing tool, I would either have SA's manually check some of these systems, or see if something can be scripted to do it.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of net sec Sent: Thursday, September 07, 2006 10:39 PM To: [email protected] Subject: RE: Office Patch false postives? I agree that this could very well be the case. Unfortunately, I don't have a 3rd party tool for verification such as Patchlink. Can you offer/suggest resources that would help me to determine which files and versions are needed for the manual verification you mentioned? I will admit my ignorance when it comes to NASL but my first glance at the source code for PID 22033 didn't help me - I thought it would. Thanks for your help!! ----Original Message Follows---- From: "Carlton A. Foster" <[EMAIL PROTECTED]> To: <[email protected]> Subject: RE: Office Patch false postives? Date: Thu, 7 Sep 2006 14:56:41 -0400 You need to verify some of the files to make sure they really updated. We have had a lot of problems since late 2003 with MS patches not updating all the files they should. As a result, they scan vulnerable, though MS tools say they are patched. MS tools check the registry to see if you ran the patch. They don't check the files to make sure they were updated. We've proven this many times by comparing scan results to our PatchLink databases. PL also checks the files themselves. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of net sec Sent: Thursday, September 07, 2006 2:13 PM To: [email protected] Subject: Office Patch false postives? Nessus is reporting MANY of our workstations as missing MS06-039 in addition to some MS03-039 although both MBSA and SMS report that these workstations are patched. In addition, when attempting to update via Microsoft Updates - no patches needed. I don't want to dismiss as a false positive without getting some feedback from others who may have also seen this. FYI - both of these patches are related to MSOffice. Thanks for any feedback - _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
