Every month when Microsoft patches are released, I copy last month's
session from NessusWX, then add the new plugins to scan for the new
month.  So we get a cumulative picture of missing patches.  So on
Friday, we have a list of servers in the results that were showing as
missing certain patches.  So in total we had about an 85 passing rate,
and 15 failure last month, from a total of about 500 servers.  Failures
are mostly due to Microsoft Office patches.

 

So today when I created the new session that includes September's
patches, I ran the session and in the results I no longer see any of the
vulnerabilities reported on Friday, but I do see (which is good)
exploits for the September patches - which need to be remediated.

I started to wonder what happened to the other patches
from last month that were showing as vulnerable (unpatched).  And I do
see some systems here and there which are reporting patches missing, but
major ones like Service Pack 4 for Windows 2000 Server, so I know the
other plugins are working and being scanned for.  

 

So my question is... Has something changed in which the dependencies for
patches work?  And if it has been "corrected" have I been misreporting
all this time?  Because sometimes we get comments from our other IT
colleagues, that we are reporting as vulnerable, but when they go to
Windows Update site - no patches need to be applied.

 

Maybe it is a combination of 2 problems, false-positives and dependency
on older patches?

 

If any of the above didn't make sense, please feel free to ask - I am a
little scatterbrained right now.

 

Thanks.

 

Amit Lad | Information Security Engineer | Ciena | Office. 410-694-5998
| Cell. 510-376-8597 | [EMAIL PROTECTED]

 

_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
