Nicolas, I have checked several systems manually. Each has version 2.0.0.3 installed. I've downloaded and installed the patch, but it only shows the "REMOVE" option (because the patch has already been installed).
The servers all have the CAPICOM.Certificates.4 key, but they also have .1, .2 and .3. I'm convinced the plugin is working properly (per the information provided in the MS Bulletin). I think the problem is either (a) the bulletin is incorrect, or (b) the patch is broken. John -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nicolas Pouvesle Sent: Monday, June 04, 2007 11:03 AM To: nessus Subject: Re: FALSE POSITIVE On Jun 4, 2007, at 7:49 PM, John Scherff wrote: > > I don't know if this FAQ item applies or not; the Company attribute is > "Microsoft Corporation." I doubt it's a custom CAPICOM (e.g., from > Citrix) because even my desktop computer has CAPICOM 2.0.0.3, and the > patch has been applied to it as well. > > But the MS bulletin definitely says, "If you have version 2.1.01 or > lower, you should update your system," so Nessus is correct in marking > it as a vulnerability. Something must be broken in the Microsoft > patch. I don't know how MBSA works but if it uses the same technique as described in the advisory it may be the problem. The advisory recommends to check that the following key exists to know if the patch is installed : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CAPICOM.Certificates.4\CLSID However the activex is directly linked with this key : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CAPICOM.Certificates\CLSID When you install the patch the "Certificates.4" key is created and the "Certificates" key is replaced. However if you install another application that uses capicom, the key "Certificates" may be replaced with an older version of the activex. Then, even if you installed the patch, the older activex version can be used. Nicolas _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
