Re: MBSA with SUS or Windows Update

From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 05/09/04

• Next message: Sadie: "Sadie"
• Previous message: Torgeir Bakken \(MVP\): "Re: Urgent Help Needed - Cant download Sasser Patch"
• In reply to: Dan: "MBSA with SUS or Windows Update"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Sun, 9 May 2004 14:51:40 -0700

MBSA 1.2 detects a patches for number of categories of software
that are not covered by the current version of Sus.
If you are seeing differences in detection for the same patch, that
is an issue with differences in their detection clients and the info
that they use.

For example, if you use a cmd prompt and cd to MBSA's install dir
and then issue
mbsacli -hf -v
and
mbsacli -sus -hf -v
you will likely see quite a difference in the scan info.

Where MBSA is showing things not listed by Windows Update,
these should be applied (ex. MSXML, SQL/MDSE)
Where they differ in detection info for the same patch you
should verify which one is right, if nothing else by reapplying
the patch so you know you have it on the macine.

-- 
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCDBA,  MCSE W2k3+W2k+Nt4
"Dan" <anonymous@discussions.microsoft.com> wrote in message 
news:8E670553-E307-4E30-B085-0BB38568ABF6@microsoft.com...
> Hi all,
> After running MBSA against a number of machines on my LAN, all of which 
> are configured either to use SUS or Windows Update, I notice MBSA reports 
> a number of critical patches have not been applied or the version numbers 
> are incorrect.
>
> I've checked and re-checked these machines to mack sure they are fully up 
> to date according to SUS or WU and they are, which leads me to believe 
> that not all Critical Updates can be deployed by using SUS and/or the 
> Windows Update site (I know Office etc are not provided - I'm talking 
> specifically windows updates). Is this the case?,
>
> If so how long - if ever - does it take for these "Missing" updates to get 
> to SUS/WU?
>
> Regards
> Dan 

---

• Next message: Sadie: "Sadie"
• Previous message: Torgeir Bakken \(MVP\): "Re: Urgent Help Needed - Cant download Sasser Patch"
• In reply to: Dan: "MBSA with SUS or Windows Update"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Outlook error 1000 ??? ... I seem that I have all the patches, at least this is what Windows Update is ... But in fact I know that lost's of fixes don't get pickup by WU or SUS. ... > Are you current with all Outlook patches and the Office 2003 SP? ... (microsoft.public.windows.server.sbs) Re: MBSA 1.2.1 launched today ... MBSA uses the HFNetChk detection engine by Shavlik. ... Windows Update about certain patches on certain machines. ... know what to do with conflicting information. ... (microsoft.public.windows.server.sbs) Re: MBSA 1.2.1 launched today ... MBSA uses the HFNetChk detection engine by Shavlik. ... Windows Update about certain patches on certain machines. ... know what to do with conflicting information. ... (microsoft.public.security) Re: MBSA & HFNetChkPro ... > Windows Update, no patches are missing. ... MBSA 2.0 seems to be missing things. ... (microsoft.public.windowsupdate) Re: Clients do not use S.U.S. ... I configured the server name including the http:// service. ... 3.- Next I went to the domain and update the policies related to windows update. ... 4.- The next morning I found 207 patches ready to be approved. ... Then, I thought to start seeing some workstations retrieving information from the SUS server, but that never happens. ... (microsoft.public.windows.server.general)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(17)