Bugtraq mailing list archives
RE: Another Low Blow From Microsoft: MBSA Failure!
From: Frank Knobbe <frank () knobbe us>
Date: Tue, 10 Feb 2004 19:24:32 -0600
On Tue, 2004-02-10 at 13:26, Joe DeMarco wrote:
Maybe it's just me but, I wouldn't consider a patch successfully applied until the machine is rebooted. Registry changes usually require this process.
I would go even further and question the reliability of just checking for the presence of Registry keys that claim a patch has been installed. Anything short of verifying the MD5 hash of a given DLL, driver file or executable just makes assumptions about a patched version being present or not. Those assumptions tend you come back to haunt you, and I believe there are enough people that had exactly that happening. I remember some patch (a year or so ago) that overwrote a previously patched DLL with a vulnerable version. Anything checking Registry keys, like Windows Update I believe, made the assumption that the system was patched when in fact the defective DLL rendered the system vulnerable. Any tool, Windows Update, MBSA, or 3rd party should check the actual files in question, not just logfiles or Registry keys (or anything that makes historical statements rather than actual statements). Regards, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Another Low Blow From Microsoft: MBSA Failure! dotsecure (Feb 10)
- Re: [Full-Disclosure] Another Low Blow From Microsoft: MBSA Failure! morning_wood (Feb 11)
- Re: [Full-Disclosure] Another Low Blow From Microsoft: MBSA Failure! Valdis . Kletnieks (Feb 11)
- <Possible follow-ups>
- RE: Another Low Blow From Microsoft: MBSA Failure! Drew Copley (Feb 10)
- RE: Another Low Blow From Microsoft: MBSA Failure! Joe DeMarco (Feb 10)
- RE: Another Low Blow From Microsoft: MBSA Failure! Frank Knobbe (Feb 11)
- RE: Another Low Blow From Microsoft: MBSA Failure! Drew Copley (Feb 11)
- RE: Another Low Blow From Microsoft: MBSA Failure! Drew Copley (Feb 11)
- RE: Another Low Blow From Microsoft: MBSA Failure! Eric McCarty (Feb 11)
- Re: [Full-Disclosure] Another Low Blow From Microsoft: MBSA Failure! morning_wood (Feb 11)