Hi Renaud, Thanks for the info. I have a quick query for you! What was basic idea to rely on registry entries to check for the hotfix installation? As you said, nowadays it is cumbersome to rely on registries to confirm patch installation. Does checking dll file versions will be a better method to overcome this issue?
On Nov 2, 2007 8:10 PM, Renaud Deraison <[EMAIL PROTECTED]> wrote: > > On Nov 2, 2007, at 10:37 AM, Pavithra H wrote: > > > John, > > You right! According smb_hotfixes.nasl you have grabbed all hotfix > > related registry keys. But even this plugin doesn't list Hotfixes on > > Vista since there are no Vista specific registry keys to list > > Hotfixes. Usually to my understanding, they look for affected dlll > > fileversion instead of checking hotfixes. > > I have no idea about how do Nessus makes use of WMI interface to check > > the status of Hotfix. > > When testing Vista, we do not use WMI to list the hotfixes, but we > indeed look at the version of the DLLs. > > We also do that for every other system and fall back to checking the > registry if the provided credentials are not sufficient to read files > in C$. In the long term, we might end up dropping support the > registry approach entirely, as it seems that some patch management > systems do not bother updating it either, thus causing false positives. > > This is why you really want to give Nessus admin credentials when > doing audits. > > > -- Renaud > > _______________________________________________ > Nessus mailing list > [email protected] > http://mail.nessus.org/mailman/listinfo/nessus > -- Thanks, Pavithra.H Research Analyst, Thirdbrigade Labs Bangalore _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
