RE: Another Low Blow From Microsoft: MBSA Failure!

From: Drew Copley (dcopley_at_eeye.com)
Date: 02/11/04

  • Next message: Eric 'MightyE' Stevens: "Re: Hacking USB Thumbdrives, Thumprint authentication"
    Date: Tue, 10 Feb 2004 16:09:25 -0800
    To: <dotsecure@hushmail.com>, <full-disclosure@lists.netsys.com>, <bugtraq@securityfocus.com>

    BTW, I should note that one user did respond back to my pseudo-challenge
    and noted that small businesses like his cannot afford professional
    vulnerability assessment solutions.

    I apologize for alienating these users.

    To such users: please start using the free Nessus tool. Use MBSA as a
    back-up. Check in-person on any suspicious anomalies.

    > -----Original Message-----
    > From: Drew Copley [mailto:dcopley@eeye.com]
    > Sent: Tuesday, February 10, 2004 11:08 AM
    > To: dotsecure@hushmail.com; full-disclosure@lists.netsys.com;
    > bugtraq@securityfocus.com;
    > patchmanagement@listserv.patchmanagement.org
    > Subject: RE: Another Low Blow From Microsoft: MBSA Failure!
    >
    > > -----Original Message-----
    > > From: dotsecure@hushmail.com [mailto:dotsecure@hushmail.com]
    > > Sent: Tuesday, February 10, 2004 10:21 AM
    > > To: full-disclosure@lists.netsys.com; bugtraq@securityfocus.com;
    > > patchmanagement@listserv.patchmanagement.org
    > > Subject: Another Low Blow From Microsoft: MBSA Failure!
    > >
    > > -----BEGIN PGP SIGNED MESSAGE-----
    > > Hash: SHA1
    > >
    > > Another Low Blow from Microsoft.
    > >
    > > Within the last few weeks at our company we have been doing testing to
    > > find out the total number of patched machines we have against the latest
    > > Messenger Service Vulnerability. After checking a few thousand computers
    > > we have found several hundred were still affected even though the patch
    > > has been applied. We have scanned with Retina, Foundstone and Qualys
    > > tools, which all showed as "VULNERABLE"; however, when we scanned
    > > with Microsoft Base Security Analyzer it showed as "NOT VULNERABLE".
    > > This was at first confusing; one would think an assessment tool
    > > released by the original vendor would actually be accurate
    >
    > <snip>
    >
    >
    > >
    > > Had we trusted Microsoft Base Analyzer we would still be vulnerable.
    >
    > Retina has the same potential functionality as MBSA. We can
    > also do registry and file checks. And, sometimes we do. But,
    > we try to do remote checks that are non-intrusive and that do
    > not use these. A big reason for this is that remote registry
    > and file checks are very unreliable.
    > (Far beyond just the fact that someone could fake out the
    > scanner by putting a dummy file or registry entry up there
    > intentionally).
    >
    > I don't know anyone that uses MBSA only for their network. It
    > is an interesting toy, but it surely isn't capable of
    > replacing a true vulnerability assessment solution.
    >
    > > Questions comments email me at dotsecure@hushamail.com or
    > > Aim: Evilkind.
    > >
    > >
    >
    > <snip>
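The advice in the reply above (run more than one tool, treat MBSA as a back-up, check anomalies in person) as an added Python example that is not part of the thread: it reconciles per-host verdicts from several scanners and queues every split verdict for manual verification instead of letting any one tool, vendor-supplied or not, settle the question. Tool names match the thread; the hosts and result lines are constructed.

```python
from collections import defaultdict

# Constructed sample output (not real scan data): one "tool,host,verdict"
# line per scanner per host, modelled on the four tools named in the thread.
SAMPLE_RESULTS = """\
Retina,host-01,VULNERABLE
Foundstone,host-01,VULNERABLE
Qualys,host-01,VULNERABLE
MBSA,host-01,NOT VULNERABLE
Retina,host-02,NOT VULNERABLE
Qualys,host-02,NOT VULNERABLE
MBSA,host-02,NOT VULNERABLE
Retina,host-03,VULNERABLE
MBSA,host-03,VULNERABLE
Retina,host-04,NOT VULNERABLE
MBSA,host-04,VULNERABLE
"""

def parse_results(text):
    """Group verdicts by host: {host: {tool: is_vulnerable}}."""
    by_host = defaultdict(dict)
    for line in text.splitlines():
        if not line.strip():
            continue
        tool, host, verdict = (f.strip() for f in line.split(",", 2))
        by_host[host][tool] = verdict.upper() == "VULNERABLE"
    return dict(by_host)

def triage(by_host):
    """Return {host: (state, tools_flagging_vulnerable)}.
    'patched' only when every tool agrees the host is not vulnerable,
    'vulnerable' when every tool agrees it is, and any split verdict is
    'verify': an anomaly to be checked on the machine itself rather than
    resolved by trusting one scanner over another."""
    summary = {}
    for host, verdicts in sorted(by_host.items()):
        flagged = sorted(t for t, v in verdicts.items() if v)
        if len(flagged) == len(verdicts):
            state = "vulnerable"
        elif not flagged:
            state = "patched"
        else:
            state = "verify"
        summary[host] = (state, flagged)
    return summary

def hosts_to_verify(summary):
    """Hosts whose scanners disagree, i.e. the in-person check queue."""
    return [h for h, (state, _) in summary.items() if state == "verify"]

if __name__ == "__main__":
    for host, (state, flagged) in triage(parse_results(SAMPLE_RESULTS)).items():
        print(f"{host}: {state}" + (f" (flagged by {', '.join(flagged)})" if flagged else ""))
```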

