lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: nodialtone at comcast.net (Byron Copeland)
Subject: Another Low Blow From Microsoft: MBSA
	Failure!

Thank you! .secure

I have proved in the past myself that some patches were ineffective with
other vulnerabilities to some I USED to work for.  Thanks,

-b

On Tue, 2004-02-10 at 13:21, dotsecure@...hmail.com wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Another Low Blow from Microsoft.
> 
> Within the last few weeks at our company we have been doing testing to
> find out total number of patched machines we have against the latest
> Messenger Service Vulnerability. After checking few thousand computers
> we have found several hundred were still affected even though patch has
> been applied. We have scanned with Retina, Foundstone and Qualys tools
> which they all showed as VULNERABLE, however when we scanned with Microsoft
> Base Security Analyzer it showed as NOT VULNERABLE. This was at first
> confusing; one would think an assessment tool released by the original
> vendor would actually be accurate. On the flipside it really didnt make
> sense to us why would three different commercial scanners show as vulnerable
> if they are truly patched. So we decided to do the ultimate test. We
> ran messenger service exploit against the machines that MS Base Analyzer
> showed as Not Vulnerable and 3rd party vulnerability scanners that
> showed as Vulnerable. Results were as expected, machines were exploited
> and Microsoft Base Analyzer failed to detect the vulnerable machines
> properly.
> 
> We have concluded that, although the patch was installed on these machines,
>  the patch management script failed to reboot those few hundred systems,
>  therefore these machines were vulnerable until the next successful reboot.
> After a successful reboot all 3rd party tools showed the machines as
> not vulnerable and the exploit tool did not successfully exploit the
> machines.  3rd Party tool assessments were accurate the machines were
> truly vulnerable prior reboot.
> 
> Had we trusted Microsoft Base Analyzer we would still be vulnerable.
> 
> 
> To prove this, I have captured screen shots and converted them in pdf
> format for your viewing pleasure. The screenshots shows exact same scan
> conducted with  Foundstone tool and MBSA.
> 
> Screenshots: http://www.elusiveworld.com/scanshots.pdf
> 
> 
> I would love to see if there are any more like us out there who encountered
> this problem. If you had similar problems our recommendation to you do
> not fully depend on MBSA, since the tool is just as buggy as the company
> itself.
> 
> Questions comments email me at dotsecure@...hamail.com
> or Aim: Evilkind.
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Note: This signature can be verified at https://www.hushtools.com/verify
> Version: Hush 2.3
> 
> wkYEARECAAYFAkApIjwACgkQHxPzbxnt5HTNtQCfd6xpi2VasnZ33/6saPNfqyMgukMA
> nj85QSec1HrAe9aYeSMHiOqcI1Zk
> =ORo8
> -----END PGP SIGNATURE-----
> 
> 
> 
> 
> Concerned about your privacy? Follow this link to get
> FREE encrypted email: https://www.hushmail.com/?l=2
> 
> Free, ultra-private instant messaging with Hush Messenger
> https://www.hushmail.com/services.php?subloc=messenger&l=434
> 
> Promote security and make money with the Hushmail Affiliate Program: 
> https://www.hushmail.com/about.php?subloc=affiliate&l=427
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists