Re: How Do I Programmatically Detecting Security Patches

Skywing [MVP] wrote:
Note that this will not give you an accurate view as to whether you have a
particular vulnerability fixed, and should not be used if that is your goal
as the OP has posted.

For instance, if you install a service pack or hotfix that completely
supersedes a previous hotfix without ever having installed that previous
hotfix, and you are looking for the old hotfix in the registry, you will
incorrectly assume that the computer is vulnerable.

For this reason, I would recommend using WUA and asking it what you are
*missing*, and checking that list against things that you want to make sure
are installed.

That is correct, all I care about is whether or not the security
vulnerability is fixed, not how it was fixed or what fixed it. I also
would rather not have to maintain a list of what patches fix what holes
since two different patches may fix the same hole.

The problem that I may have with WUA is that in order to find a list of
what patches the user needs it appears they will have to connect to MS
to get a list of what is available for them. Is it possible for me to
maintain a mirror of some kind as I would rather the end-user only have
to connect to me so their firewall doesn't go off alerting them that my
application is trying to connect to another location.

Also, using WUA, if there is patch A which superscedes patch B and the
end user has neither, what will WUA say the user needs? Patch A, patch
B or both?

.

Relevant Pages

  • Re: Microsofts Early Xmas Present.
    ... Microsoft advisory stated that the vulnerability only affected certain ... configurations (if you were using the Index Server). ... More than a few people didn't install IIS patches because the vulnerability ... get to figure out how to deploy the patch. ...
    (Incidents)
  • Re: MS04-013 needs revision?
    ... and so the patch was never applied... ... What systems are primarily at risk from the vulnerability? ... I do not use Outlook Express to read e-mail or newsgroups. ... I suggest you install MS04-013 or a newer Cumulative Security Update for Outlook Express, as appopriate for each OS. ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: A 6% fix from Microsoft Security Bulletin MS03-040 - 828750
    ... Is there some secret way to get the patch out - to all system? ... I know at least two home users who are scared to install ANY ...
    (microsoft.public.security.virus)
  • Re: A 6% fix from Microsoft Security Bulletin MS03-040 - 828750
    ... Is there some secret way to get the patch out - to all system? ... I know at least two home users who are scared to install ANY ...
    (microsoft.public.win2000.security)
  • Re: A 6% fix from Microsoft Security Bulletin MS03-040 - 828750
    ... Is there some secret way to get the patch out - to all system? ... I know at least two home users who are scared to install ANY ...
    (microsoft.public.security)
Loading