Re: MS04-027 and MS04-028 not detected
From: Doug Neal [MSFT] (dugn_at_online.microsoft.com)
Date: 09/15/04
Date: Wed, 15 Sep 2004 14:23:41 -0700
Gerry - Your point is well taken. We're doing our best to provide the best
detection through MBSA as we work on our next major version which is still
quite a way off (no public ETA).

As much as we'd like to avoid it, when MBSA cannot authoritatively and
exhaustively indicate the patch status for a particular patch, we're forced
to create a Note message. For MS04-028, there are 26 various patches
depending on which of 45+ operating systems, IE versions and Microsoft
products are present on a machine. As significant as this GDI+
vulnerability is, there was simply no way MBSA could authoritatively cover
all possible cases and provide the correct patch status for every case.

As a company, we created the GDI+ Detection tool (available for download and
through Windows Update) to help centralize the detection effort across
products MBSA doesn't support (see the full list at KB306460).

It's true that MBSA will not be able to detect the patch status except for
local scans of Microsoft Office products (6 of the 26 potential affected
platforms/products), but we're directing users to the GDI+ Detection tool as
a method to identify all cases and apply the appropriate patch separate from
the limited guidance MBSA can provide in this case. The additional
technical information in the MSRC bulletin (MS04-028) provides enough detail
for the technically minded to create other solutions/use other methods that
may be more appropriate for their environment to identify and patch all
cases of the vulnerable GDI+ instances.

With a good understanding of the security requirements of our customers,
we're working to ensure even better vulnerability assessment in the future.

I hope that helps...
--
Doug Neal [MSFT]
dugn@online.microsoft.com

This posting is provided "AS IS" with no warranties, and confers no rights.

If newsgroup discussion with experts and MVPs is unable to solve a problem to
your satisfaction, feel free to contact PSS for the Microsoft Baseline
Security Analyzer (MBSA) at the following link:
http://support.microsoft.com/default.aspx?scid=fh;en-us;Prodoffer20a

This e-mail address does not receive e-mail, but is used for newsgroup
postings only.

"Gerry Hickman" <gerry666uk@yahoo.co.uk> wrote in message
news:epQeyr1mEHA.3396@tk2msftngp13.phx.gbl...
> Hi Doug,
>
>> MBSA does not support either of these patches for patch detection,
>
> I have to say I find this REALLY disappointing. The whole point of a tool
> like MBSA is to be able to check file versions against installed products,
> NOT just say to people "you may need a patch, but we don't really know".
>
> This "note" message is no more use than going to the Microsoft security
> site. It does not tell you if a machine needs patched or not. What if you
> have reinstall one of the many vulnerable products - the tool won't tell
> you you're open to attack again...
>
> It's also disappointing that this newer release 1.2.1 still cannot test
> missing Microsoft Office patches, unless you install it on 1000+ machines
> and run it locally? Conversely Shavlik's product does this without any
> problem.
>
> I realise MBSA is free, but it's supposed to be part of Microsoft's drive
> towards secure computing, and these limitations relate to their OWN
> flagship products (Windows and Office)!
>
> --
> Gerry Hickman (London UK)