lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: nodialtone at comcast.net (Byron Copeland) Subject: Another Low Blow From Microsoft: MBSA Failure! Thank you! .secure I have proved in the past myself that some patches were ineffective with other vulnerabilities to some I USED to work for. Thanks, -b On Tue, 2004-02-10 at 13:21, dotsecure@...hmail.com wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Another Low Blow from Microsoft. > > Within the last few weeks at our company we have been doing testing to > find out total number of patched machines we have against the latest > Messenger Service Vulnerability. After checking few thousand computers > we have found several hundred were still affected even though patch has > been applied. We have scanned with Retina, Foundstone and Qualys tools > which they all showed as VULNERABLE, however when we scanned with Microsoft > Base Security Analyzer it showed as NOT VULNERABLE. This was at first > confusing; one would think an assessment tool released by the original > vendor would actually be accurate. On the flipside it really didnt make > sense to us why would three different commercial scanners show as vulnerable > if they are truly patched. So we decided to do the ultimate test. We > ran messenger service exploit against the machines that MS Base Analyzer > showed as Not Vulnerable and 3rd party vulnerability scanners that > showed as Vulnerable. Results were as expected, machines were exploited > and Microsoft Base Analyzer failed to detect the vulnerable machines > properly. > > We have concluded that, although the patch was installed on these machines, > the patch management script failed to reboot those few hundred systems, > therefore these machines were vulnerable until the next successful reboot. > After a successful reboot all 3rd party tools showed the machines as > not vulnerable and the exploit tool did not successfully exploit the > machines. 3rd Party tool assessments were accurate the machines were > truly vulnerable prior reboot. > > Had we trusted Microsoft Base Analyzer we would still be vulnerable. > > > To prove this, I have captured screen shots and converted them in pdf > format for your viewing pleasure. The screenshots shows exact same scan > conducted with Foundstone tool and MBSA. > > Screenshots: http://www.elusiveworld.com/scanshots.pdf > > > I would love to see if there are any more like us out there who encountered > this problem. If you had similar problems our recommendation to you do > not fully depend on MBSA, since the tool is just as buggy as the company > itself. > > Questions comments email me at dotsecure@...hamail.com > or Aim: Evilkind. > > > -----BEGIN PGP SIGNATURE----- > Note: This signature can be verified at https://www.hushtools.com/verify > Version: Hush 2.3 > > wkYEARECAAYFAkApIjwACgkQHxPzbxnt5HTNtQCfd6xpi2VasnZ33/6saPNfqyMgukMA > nj85QSec1HrAe9aYeSMHiOqcI1Zk > =ORo8 > -----END PGP SIGNATURE----- > > > > > Concerned about your privacy? Follow this link to get > FREE encrypted email: https://www.hushmail.com/?l=2 > > Free, ultra-private instant messaging with Hush Messenger > https://www.hushmail.com/services.php?subloc=messenger&l=434 > > Promote security and make money with the Hushmail Affiliate Program: > https://www.hushmail.com/about.php?subloc=affiliate&l=427 > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists