
RE: Another Low Blow From Microsoft: MBSA Failure!



BTW, I should note that one user did respond back to my pseudo-challenge
and noted that small businesses like his cannot afford professional
vulnerability assessment solutions. 

I apologize for alienating these users. 

To such users: please start using the free Nessus tool. Use MBSA as a
back-up. Check in-person on any suspicious anomalies.




> -----Original Message-----
> From: Drew Copley [mailto:dcopley@xxxxxxxx] 
> Sent: Tuesday, February 10, 2004 11:08 AM
> To: dotsecure@xxxxxxxxxxxx; full-disclosure@xxxxxxxxxxxxxxxx; 
> bugtraq@xxxxxxxxxxxxxxxxx; 
> patchmanagement@xxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Subject: RE: Another Low Blow From Microsoft: MBSA Failure!
> 
>  
> 
> > -----Original Message-----
> > From: dotsecure@xxxxxxxxxxxx [mailto:dotsecure@xxxxxxxxxxxx]
> > Sent: Tuesday, February 10, 2004 10:21 AM
> > To: full-disclosure@xxxxxxxxxxxxxxxx; bugtraq@xxxxxxxxxxxxxxxxx; 
> > patchmanagement@xxxxxxxxxxxxxxxxxxxxxxxxxxxx
> > Subject: Another Low Blow From Microsoft: MBSA Failure!
> > 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > Another Low Blow from Microsoft.
> > 
> > Within the last few weeks at our company we have been doing testing to
> > find out the total number of patched machines we have against the latest
> > Messenger Service Vulnerability. After checking a few thousand computers
> > we have found several hundred were still affected even though the patch
> > has been applied. We have scanned with Retina, Foundstone and Qualys
> > tools, which all showed as "VULNERABLE", however when we scanned
> > with Microsoft Base Security Analyzer it showed as "NOT VULNERABLE".
> > This was at first confusing; one would think an assessment tool
> > released by the original vendor would actually be accurate
> 
> <snip>
> 
> 
> > 
> > Had we trusted Microsoft Base Analyzer we would still be vulnerable.
> 
> Retina has the same potential functionality as MBSA. We can 
> also do registry and file checks. And, sometimes we do. But, 
> we try to do remote checks that are non-intrusive and that do 
> not use these. A big reason for this is that remote registry 
> and file checks are very unreliable.
> (Far beyond just the fact that someone could fake out the 
> scanner by putting a dummy file or registry entry up there 
> intentionally).
> 
> I don't know anyone that uses MBSA only for their network. It 
> is an interesting toy, but it surely isn't capable of 
> replacing a true vulnerability assessment solution.
> 
> 
> 
> 
> 
> > Questions comments email me at dotsecure@xxxxxxxxxxxxx or
> > Aim: Evilkind.
> > 
> > 
> 
> <snip>
> 
>
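The advice in the top post (use one tool as the primary, keep MBSA as a back-up, and check anomalies by hand) amounts to reconciling verdicts from several scanners and pulling out the hosts where they disagree. The following Python is an added example, not code from any of the posters or from the scanners named in the thread: the "scanner,host,verdict" record format, the host names and the verdicts are constructed for illustration, and the scanner names are used only as labels. It treats a single "VULNERABLE" finding as enough to call a host unpatched, lists the hosts that need an in-person check, and reports which hosts a given scanner missed relative to that consensus.

```python
"""Reconcile per-host results from several vulnerability scanners.

Added example (not from the thread). Record format and sample data are
constructed: one 'scanner,host,verdict' line per scanner/host pair.
"""
from collections import defaultdict

# Constructed sample output: ws-001 mirrors the thread's case (three tools
# say VULNERABLE, MBSA says NOT VULNERABLE); ws-004 shows the reverse.
SAMPLE_RESULTS = """\
retina,ws-001,VULNERABLE
foundstone,ws-001,VULNERABLE
qualys,ws-001,VULNERABLE
mbsa,ws-001,NOT VULNERABLE
retina,ws-002,NOT VULNERABLE
foundstone,ws-002,NOT VULNERABLE
qualys,ws-002,NOT VULNERABLE
mbsa,ws-002,NOT VULNERABLE
retina,ws-003,VULNERABLE
mbsa,ws-003,VULNERABLE
qualys,ws-004,NOT VULNERABLE
mbsa,ws-004,VULNERABLE
"""


def parse_results(text):
    """Return {host: {scanner: verdict}} from 'scanner,host,verdict' lines.

    Blank lines and '#' comments are skipped; verdicts are upper-cased and
    scanner names lower-cased so different exports compare cleanly.
    """
    by_host = defaultdict(dict)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        scanner, host, verdict = (field.strip() for field in line.split(",", 2))
        by_host[host][scanner.lower()] = verdict.upper()
    return dict(by_host)


def reconcile(by_host):
    """Per host: fail-safe status, whether tools disagreed, and who dissented.

    One positive finding is enough to treat the host as still vulnerable;
    a host is flagged for a manual check whenever the tools do not agree.
    """
    report = {}
    for host, verdicts in sorted(by_host.items()):
        distinct = set(verdicts.values())
        status = "VULNERABLE" if "VULNERABLE" in distinct else "NOT VULNERABLE"
        dissenters = sorted(s for s, v in verdicts.items() if v != status)
        report[host] = {
            "status": status,
            "needs_manual_check": len(distinct) > 1,
            "dissenters": dissenters,
        }
    return report


def hosts_needing_manual_check(report):
    """Hosts where the scanners disagreed, for in-person verification."""
    return sorted(h for h, r in report.items() if r["needs_manual_check"])


def missed_by(by_host, scanner):
    """Hosts the named scanner called NOT VULNERABLE while another tool
    found them vulnerable (that scanner's false negatives vs. consensus)."""
    report = reconcile(by_host)
    return sorted(
        host for host, verdicts in by_host.items()
        if verdicts.get(scanner) == "NOT VULNERABLE"
        and report[host]["status"] == "VULNERABLE"
    )


if __name__ == "__main__":
    parsed = parse_results(SAMPLE_RESULTS)
    for host, entry in reconcile(parsed).items():
        flag = "  <-- verify by hand" if entry["needs_manual_check"] else ""
        print(f"{host}: {entry['status']} dissenters={entry['dissenters']}{flag}")
    print("missed by mbsa:", missed_by(parsed, "mbsa"))
```

Feeding real exports into `parse_results` only requires converting each tool's report into the three-column form; the reconciliation logic is independent of which tool is treated as primary, and `missed_by` makes it easy to measure how often a back-up tool disagrees with the rest before deciding how much weight to give it.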