Re: [Full-Disclosure] RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB886185
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa_at_pacbell.net)
Date: Tue, 15 Feb 2005 22:05:19 -0800
To: "Randal, Phil" <email@example.com>
Ping Microsoft.. they were not classified as Security patches [not
assigned 05-### numbers ergo they aren't on MBSA]
As Richard stated, they aren't security bulletins.
Heck I'd LOVE to get 835734 for the SBS 2003 platform merely on Windows
Update and honestly I can't wait for WUS or whatever. Right now there
are tons of unpatched SBS boxes that are spam machines.
I know at least 886185 is on Windows Update so count your blessings.
Randal, Phil wrote:
>KB887742: "A computer that is running Microsoft Windows XP Service Pack
>2 (SP2), Microsoft Windows XP Tablet PC Edition 2005, or Microsoft
>Windows Server 2003 unexpectedly stops. Additionally, the following Stop
>error message appears on a blue screen: Stop 0x05
>That's a denial of service. There are security implications there.
>KB886185: "After you set up Windows Firewall in Microsoft Windows XP
>Service Pack 2 (SP2), you may discover that anyone on the Internet can
>access resources on your computer when you use a dial-up connection to
>connect to the Internet."
>That looks like a major security hole to me.
>>[mailto:firstname.lastname@example.org] On Behalf
>>Of Threlkeld, Richard
>>Sent: 15 February 2005 00:19
>>To: James Lay; BuqtraqNT (E-mail); BugtraqSecurity (E-mail);
>>Subject: [Full-Disclosure] RE: Microsoft Baseline Security
>>Analyzer not seeing KB887742 and KB886185
>>These are not security updates. KB887742 is for a stop error
>>(http://support.microsoft.com/kb/887742) and KB886185 is an
>>update for network scope on the Windows Firewall
>>The MBSA scans for Security Updates only, not every hotfix
>>ever released. Note that a "Critical" patch is not
>>necessarily a "Security"
>>patch. You may be thinking of the "Maximum severity" levels
>>of the MS*-xxx security bulletins which are not the same thing.
>>Microsoft MVP - SMS
>>From: James Lay [mailto:email@example.com]
>>Sent: Monday, February 14, 2005 10:24 AM
>>To: BuqtraqNT (E-mail); BugtraqSecurity (E-mail); Full-Disclosure
>>Subject: Microsoft Baseline Security Analyzer not seeing KB887742 and
>>Subject line says it all....just did a fresh install of WinXP
>>SP2....was using MBSAFU to make sure it would patch...which
>>it did. However Windows Update shows still needing KB887742
>>and KB886185. MBSA shows no critical patches need updated.
>>Systeminfo shows that both KB887742 and
>>KB886185 are NOT installed. I'm using latest MBSA. Anyone
>>else see this? Kinda sucks :(
>>Network Manager/Security Officer
>>AmeriBen Solutions/IEC Group
>>Full-Disclosure - We believe in it.
--
An open letter to the Security Community:: http://msmvps.com/bradley/archive/2004/12/12/23540.aspx
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html