I can do so later on today. I haven't applied the hotfix yet just to be able to keep testing this. I will also be working to verify the other results, but I only have access to the system in the evenings.
Tim Doty

-----Original Message-----
From: Nicolas Pouvesle [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 17, 2008 6:31 AM
To: Doty, Timothy T.
Cc: [email protected]
Subject: Re: Possible false positive

Could you scan this system with KB saving enabled and send me the result?

Thanks,
Nicolas

On Sep 17, 2008, at 5:07 AM, Doty, Timothy T. wrote:

> I am concerned about some potential false positives/misleading
> results reported by nessus. I have a WinXP system that *should* be
> fully patched. When I run a nessus scan against it, it finds
> unpatched critical vulnerabilities. The first thing that bothered me
> is that this particular version of WinXP was slipstreamed and so was
> installed with numerous patches included and these were older
> vulnerabilities. I then ran a credentialed Windows patch audit and
> the system came up clean -- no vulnerabilities.
>
> I finally got time to start verifying the vulnerabilities and the
> first one nessus reports is Nessus ID : 20928 which gives a link to
> http://www.microsoft.com/technet/security/bulletin/ms06-008.mspx .
> Fine, I go to the website and according to Microsoft the *patched*
> files include (among other files):
>
> Mrxdav.sys 5.1.2600.1673 26-Apr-2005 01:58
>
> The *installed* version is
>
> Mrxdav.sys 5.1.2600.2180 04-Aug-2004 07:00
>
> That looks to me like it is *newer* than what was patched 2 years
> ago, big surprise. However, nessus claims it is vulnerable. *And*
> the file create and modify time stamps are older. Ah well, so I
> searched on the file and version and find that it *does* have a
> vulnerability, but the correct reference is
> http://support.microsoft.com/?kbid=909423
>
> So directing to the link indicated in the plugin output is faulty?
>
> Three other vulnerabilities were also flagged but I haven't had time
> to verify yet:
>
> http://www.microsoft.com/technet/security/bulletin/ms06-040.mspx
> http://www.microsoft.com/technet/security/bulletin/ms06-035.mspx
> http://www.microsoft.com/technet/security/bulletin/ms05-027.mspx
>
> Tim Doty
> _______________________________________________
> Nessus mailing list
> [email protected]
> http://mail.nessus.org/mailman/listinfo/nessus
