lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: nodialtone at (Byron Copeland)
Subject: Another Low Blow From Microsoft: MBSA

Thank you! .secure

I have proved in the past myself that some patches were ineffective with
other vulnerabilities to some I USED to work for.  Thanks,


On Tue, 2004-02-10 at 13:21, wrote:
> Hash: SHA1
> Another Low Blow from Microsoft.
> Within the last few weeks at our company we have been doing testing to
> find out total number of patched machines we have against the latest
> Messenger Service Vulnerability. After checking few thousand computers
> we have found several hundred were still affected even though patch has
> been applied. We have scanned with Retina, Foundstone and Qualys tools
> which they all showed as VULNERABLE, however when we scanned with Microsoft
> Base Security Analyzer it showed as NOT VULNERABLE. This was at first
> confusing; one would think an assessment tool released by the original
> vendor would actually be accurate. On the flipside it really didnt make
> sense to us why would three different commercial scanners show as vulnerable
> if they are truly patched. So we decided to do the ultimate test. We
> ran messenger service exploit against the machines that MS Base Analyzer
> showed as Not Vulnerable and 3rd party vulnerability scanners that
> showed as Vulnerable. Results were as expected, machines were exploited
> and Microsoft Base Analyzer failed to detect the vulnerable machines
> properly.
> We have concluded that, although the patch was installed on these machines,
>  the patch management script failed to reboot those few hundred systems,
>  therefore these machines were vulnerable until the next successful reboot.
> After a successful reboot all 3rd party tools showed the machines as
> not vulnerable and the exploit tool did not successfully exploit the
> machines.  3rd Party tool assessments were accurate the machines were
> truly vulnerable prior reboot.
> Had we trusted Microsoft Base Analyzer we would still be vulnerable.
> To prove this, I have captured screen shots and converted them in pdf
> format for your viewing pleasure. The screenshots shows exact same scan
> conducted with  Foundstone tool and MBSA.
> Screenshots:
> I would love to see if there are any more like us out there who encountered
> this problem. If you had similar problems our recommendation to you do
> not fully depend on MBSA, since the tool is just as buggy as the company
> itself.
> Questions comments email me at
> or Aim: Evilkind.
> Note: This signature can be verified at
> Version: Hush 2.3
> wkYEARECAAYFAkApIjwACgkQHxPzbxnt5HTNtQCfd6xpi2VasnZ33/6saPNfqyMgukMA
> nj85QSec1HrAe9aYeSMHiOqcI1Zk
> =ORo8
> Concerned about your privacy? Follow this link to get
> FREE encrypted email:
> Free, ultra-private instant messaging with Hush Messenger
> Promote security and make money with the Hushmail Affiliate Program: 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:

Powered by blists - more mailing lists