RE: Another Low Blow From Microsoft: MBSA Failure!
> -----Original Message-----
> From: dotsecure@xxxxxxxxxxxx [mailto:dotsecure@xxxxxxxxxxxx]
> Sent: Tuesday, February 10, 2004 10:21 AM
> To: full-disclosure@xxxxxxxxxxxxxxxx;
> bugtraq@xxxxxxxxxxxxxxxxx;
> patchmanagement@xxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Subject: Another Low Blow From Microsoft: MBSA Failure!
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Another Low Blow from Microsoft.
>
> Within the last few weeks at our company we have been doing
> testing to find out total number of patched machines we have
> against the latest Messenger Service Vulnerability. After
> checking few thousand computers we have found several hundred
> were still affected even though patch has been applied. We
> have scanned with Retina, Foundstone and Qualys tools which
> they all showed as "VULNERABLE", however when we scanned with
> Microsoft Base Security Analyzer it showed as "NOT
> VULNERABLE". This was at first confusing; one would think an
> assessment tool released by the original vendor would
> actually be accurate
<snip>
>
> Had we trusted Microsoft Base Analyzer we would still be vulnerable.
Retina has the same potential functionality as MBSA. We can also do
registry and file checks. And, sometimes we do. But, we try to do remote
checks that are non-intrusive and that do not use these. A big reason
for this is that remote registry and file checks are very unreliable.
(Far beyond just the fact that someone could fake out the scanner by
putting a dummy file or registry entry up there intentionally).
I don't know anyone that uses MBSA only for their network. It is an
interesting toy, but it surely isn't capable of replacing a true
vulnerability assessment solution.
> Questions comments email me at dotsecure@xxxxxxxxxxxxx or
> Aim: Evilkind.
>
>
<snip>