lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: dcopley at eeye.com (Drew Copley)
Subject: RE: Another Low Blow From Microsoft: MBSA Failure!

 

> -----Original Message-----
> From: dotsecure@...hmail.com [mailto:dotsecure@...hmail.com] 
> Sent: Tuesday, February 10, 2004 10:21 AM
> To: full-disclosure@...ts.netsys.com; 
> bugtraq@...urityfocus.com; 
> patchmanagement@...tserv.patchmanagement.org
> Subject: Another Low Blow From Microsoft: MBSA Failure!
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Another Low Blow from Microsoft.
> 
> Within the last few weeks at our company we have been doing 
> testing to find out total number of patched machines we have 
> against the latest Messenger Service Vulnerability. After 
> checking few thousand computers we have found several hundred 
> were still affected even though patch has been applied. We 
> have scanned with Retina, Foundstone and Qualys tools which 
> they all showed as "VULNERABLE", however when we scanned with 
> Microsoft Base Security Analyzer it showed as "NOT 
> VULNERABLE". This was at first confusing; one would think an 
> assessment tool released by the original vendor would 
> actually be accurate

<snip>


> 
> Had we trusted Microsoft Base Analyzer we would still be vulnerable.

Retina has the same potential functionality as MBSA. We can also do
registry and file checks. And, sometimes we do. But, we try to do remote
checks that are non-intrusive and that do not use these. A big reason
for this is that remote registry and file checks are very unreliable.
(Far beyond just the fact that someone could fake out the scanner by
putting a dummy file or registry entry up there intentionally).

I don't know anyone that uses MBSA only for their network. It is an
interesting toy, but it surely isn't capable of replacing a true
vulnerability assessment solution.





> Questions comments email me at dotsecure@...hamail.com or 
> Aim: Evilkind.
> 
> 

<snip>


Powered by blists - more mailing lists