RE: MS patch-scanner for Win-NT, 2K, IIS, SQL

From: Andrew Kavanagh (andrewk@spray-quip.com)
Date: 08/17/01 

From: Andrew Kavanagh <andrewk@spray-quip.com>
To: Jim Halfpenny <jim@openanswers.co.uk>, <focus-ms@securityfocus.com>, <bugtraq@securityfocus.com>
Subject: RE: MS patch-scanner for Win-NT, 2K, IIS, SQL
Date: Fri, 17 Aug 2001 09:30:47 -0400
Message-ID: <EBEKIPJCIAPMGAMINGHHOEPFCNAA.andrewk@spray-quip.com>

I agree... http://www.microsoft.com/technet/mpsa/start.asp is good. And it
seems so far that the patches it suggests are accurate.

Andrew

-----Original Message-----
From: Jim Halfpenny [mailto:jim@openanswers.co.uk]
Sent: Thursday, August 16, 2001 5:31 AM
To: focus-ms@securityfocus.com; bugtraq@securityfocus.com
Subject: Re: MS patch-scanner for Win-NT, 2K, IIS, SQL

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
There seem to be some bugs in this tool </feignsupprise>. For instance, if
it the patch for advisory MS01-015 is not istalled, it says the patch ID
is Q286043 - it should in fact be Q286045. Q286043 is the patch for the
"Telnet Logging Vulnerability." This is potentially a serious problem - if
admins rely on tools like this to ensure their systems are patched, they
are going to be misled. I haven't checked if the other advisory/patch IDs
match one another, but I for one don't trust it.

Also, has anyone else noticed the message saying an updated version is
available when you run this program? I haven't been able to find a updated
verison of the binary or the xml file at any of the URLs I've been given.

Cheers,
Jim Halfpenny

~/o And that's not to say that there's anything wrong with being a cow
anyway ~/o

- -----------------------

http://www.theregister.co.uk/content/4/21019.html

MS patch-scanner for Win-NT, 2K, IIS, SQL
By Thomas C Greene in Washington
Posted: 15/08/2001 at 06:07 GMT

We've been eager to spill the beans about this for weeks, and even hinted
at
it in a previous story http://www.theregister.co.uk/content/4/20960.html.
Today it's official; MS has released a command-line application, HFNetChk,
which will scan all NT and/or 2K machines in a network from a single
location and compare their currently-installed patches with the latest
ones
available, making it easy for admins to identify and patch vulnerable
machines.

The app was developed by MS Security Program Manager Eric Schultze. We
gave
it a whirl over the weekend and it performed as advertised. It covers
Win-NT
and 2K; IIS 4.0 and 5.0; SQL Server 7.0 and 2000 (including MS Data
Engine);
and Internet Explorer 5.01 and later.

The tool accesses an XML file, which it downloads automatically, and which
contains information such as the files in each patch and their file
versions
and checksums, registry keys that would be applied by the hotfix,
information about which patches supersede others, related Microsoft
Knowledge Base article numbers, and the like.

If any of the file or registry details on a scanned machine don't match
the
information in the XML file, the associated security patch is identified
as
not installed and the results are displayed on the screen. The
corresponding
Knowledge Base article number is also displayed.

Switches can be used specify groups of computers to scan, output format,
engine speed, types of checks, the location of the XML file and so on,
according to the complete instructions, which should be available from MS
later today.

The progie:
http://download.microsoft.com/download/win2000platform/Utility/2.1/NT45/EN-U
S/nshc.exe

The instructions (note, going live some time Wednesday):
http://support.microsoft.com/support/kb/articles/q303/2/15.asp

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SunOS)
Comment: Made with pgp4pine 1.76

iD8DBQE7e5LyCa7v1yGCVNgRAlDeAJ9Pxt2+UCSEahhoRtRSAxcCMM2zdgCgwSBN
MUg5lydSlkpMwTMBMJAsbDc=
=vCCA
-----END PGP SIGNATURE-----

Relevant Pages

  • RE: Microsoft Security Advisory MS 03-007 - Problems
    ... I think that one of the most important things to remember about this patch ... MS has released buggy patches in the past. ... How a Hacker Uses SQL Injection to Steal Your SQL Data! ... box giving hackers complete access to all your backend systems! ...
    (Focus-Microsoft)
  • Re: MS patch-scanner for Win-NT, 2K, IIS, SQL
    ... for those that haven't read the 10 pages of FAQs with the tool... ... MS01-015 contained TWO patches for IE ... patch #1 was Q286045 for the cached content issue ... >verison of the binary or the xml file at any of the URLs I've been given. ...
    (Focus-Microsoft)
  • Re: MS patch-scanner for Win-NT, 2K, IIS, SQL
    ... MS patch-scanner for Win-NT, 2K, IIS, SQL ... it the patch for advisory MS01-015 is not istalled, ... verison of the binary or the xml file at any of the URLs I've been given. ...
    (Focus-Microsoft)
  • Re: Applying Windows Updates/ Service Packs to Cluster Nodes
    ... Actually, you typically want to patch the passive nodefirst, reboot as necessary and then move resources to the patched nodeand finish the process with the remaining nodes. ... SQL is different...you must patch SQL on the node that owns the instance. ... Windows Server 2008 Readiness Team ... updates successfuly to Windows (& by extension SQL patches) Clusters ...
    (microsoft.public.windows.server.clustering)
  • Re: MS02-065
    ... The yellow X's simply says that the xml file used by MBSA ... cannot *confirm* that the specific patch is installed. ... patch will show up with a red X. SP1 installs a version of msxml3 that is ... Did I really apply the patches to my system? ...
    (microsoft.public.inetserver.iis.security)