[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <81637804AB36A644BBDE3ED9DD4E73FD96CEE8@hermes.eCompany.gov>
Date: Tue, 10 Feb 2004 16:09:25 -0800
From: "Drew Copley" <dcopley@...e.com>
To: <dotsecure@...hmail.com>, <full-disclosure@...ts.netsys.com>,
<bugtraq@...urityfocus.com>
Subject: RE: Another Low Blow From Microsoft: MBSA Failure!
BTW, I should note that one user did respond back to my pseudo-challenge
and noted that small businesses like his can not afford professional
vulnerability assessment solutions.
I apologize for alienating these users.
To such users: please start using the free Nessus tool. Use MBSA as a
back-up. Check in-person on any suspicious anomalies.
> -----Original Message-----
> From: Drew Copley [mailto:dcopley@...e.com]
> Sent: Tuesday, February 10, 2004 11:08 AM
> To: dotsecure@...hmail.com; full-disclosure@...ts.netsys.com;
> bugtraq@...urityfocus.com;
> patchmanagement@...tserv.patchmanagement.org
> Subject: RE: Another Low Blow From Microsoft: MBSA Failure!
>
>
>
> > -----Original Message-----
> > From: dotsecure@...hmail.com [mailto:dotsecure@...hmail.com]
> > Sent: Tuesday, February 10, 2004 10:21 AM
> > To: full-disclosure@...ts.netsys.com; bugtraq@...urityfocus.com;
> > patchmanagement@...tserv.patchmanagement.org
> > Subject: Another Low Blow From Microsoft: MBSA Failure!
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Another Low Blow from Microsoft.
> >
> > Within the last few weeks at our company we have been doing
> testing to
> > find out total number of patched machines we have against
> the latest
> > Messenger Service Vulnerability. After checking few
> thousand computers
> > we have found several hundred were still affected even though patch
> > has been applied. We have scanned with Retina, Foundstone
> and Qualys
> > tools which they all showed as "VULNERABLE", however when
> we scanned
> > with Microsoft Base Security Analyzer it showed as "NOT
> VULNERABLE".
> > This was at first confusing; one would think an assessment tool
> > released by the original vendor would actually be accurate
>
> <snip>
>
>
> >
> > Had we trusted Microsoft Base Analyzer we would still be vulnerable.
>
> Retina has the same potential functionality as MBSA. We can
> also do registry and file checks. And, sometimes we do. But,
> we try to do remote checks that are non-intrusive and that do
> not use these. A big reason for this is that remote registry
> and file checks are very unreliable.
> (Far beyond just the fact that someone could fake out the
> scanner by putting a dummy file or registry entry up there
> intentionally).
>
> I don't know anyone that uses MBSA only for their network. It
> is an interesting toy, but it surely isn't capable of
> replacing a true vulnerability assessment solution.
>
>
>
>
>
> > Questions comments email me at dotsecure@...hamail.com or
> > Aim: Evilkind.
> >
> >
>
> <snip>
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists