We are beginning to try Nessus at our facilities and are using the
windows version. Our process is to scan servers before they go into
production. Often Nessus will find a 'hole' that when you go to
windowsupdate, update does not find any missing patches. Ie ID 22529
finds the .Net cross site script issue.
Of course, if the patch is downloaded manually and rescanned, Nessus
does not report the problem anymore. Microsoft rates this as a moderate
vulnerability but would have thought that even under the custom settings
that this should show up. I see this occasionally on other devices we
scan - usually says there is an older patch needed (ie 03-xxx).
**************************************************************************************************
Note:
The information contained in this message may be privileged and confidential
and
protected from disclosure. If the reader of this message is not the intended
recipient, or an employee or agent responsible for delivering this message to
the intended recipient, you are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited. If you
have received this communication in error, please notify us immediately by
replying to the message and deleting it from your computer.
**************************************************************************************************
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
