lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <871080DEC5874D41B4E3AFC5C400611E06B47629@UTDEVS02.campus.ad.utdallas.edu>
From: pauls at utdallas.edu (Schmehl, Paul L)
Subject: Patching networks redux

For all those experts who have mastered patching your networks, please
ignore this post.

For the rest of you, testing has shown that some patch management tools
are incorrectly reporting that MS03-026 is installed when it's not
(notably Windows Update and Update Expert, among others.)  The accuracy
of the tool depends on how they check for the patch level.  If they
check the registry (like Windows Update and Update Expert do) they will
*incorrectly* report that MS03-026 has been installed when if fact the
files have not been updated.  If they do MD5 checksums (like Hfnetchk or
MBSA), they will correctly report the patch level.

The Retina tool from eEye (and I would assume the IIS commandline tool
as well) is correctly reporting what *is* patched and what is *not*
patched, so you need to rely on those to give you accurate information.
You could actually have users going to Windows Update and finding no
patches available when in fact they are still vulnerable.  You could
also have users for whom you've pushed out the patch who have
overwritten the files with older versions, yet your tools are reporting
them as patched.

Of course the experts never have these problems, but for the mere
mortals, caveat emptor.

Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ