Forum Thread: Vista SP2 false positive?

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
davisj Vista SP2 false positive?
Member 9th Mar, 2010 16:52
Ranking: -9
Posts: 19
User Since: 30th May, 2009
System Score: N/A
Location: UK
PSI is reporting Vista SP2 as insecure in spite of all MS updates having been applied, apparently correctly. I have re-applied the latest updates, restarted (several times), and even reinstalled PSI (1.5.0.1). I am now at a loss what to try next - any help gratefully received. Could this be a false positive?

Dell Inspiron 530
Windows Vista 32-bit SP2
Secunia PSI 1.5.01

wr RE: Vista SP2 false positive?
Contributor 9th Mar, 2010 17:22
Score: 308
Posts: 739
User Since: 30th Mar 2008
System Score: 100%
Location: US
To locate the exact file that the Secunia PSI has detected, use or switch to the ADVANCED interface, then:

1. Click on the + sign of the program to "expand" it.
2. Click on Technical Details in the Toolbox to see the installation path of the detected file. (Copy (CTRL+C) & paste (CTRL+V) the Installation Path of the file back to the Forum if you are unsure what to do next.)

Hope this helps.

Regards, wr

--
HP Pavilion Slimline s3020n
Windows Vista Home Premium SP2 32 bit
AMD 64 Athlon X2
Firefox 31.3.0 ESR
The weakest link of a computer system is always sitting in front of the monitor.
Busbar RE: Vista SP2 false positive?
Member 9th Mar, 2010 20:48
Score: 1
Posts: 2
User Since: 9th Mar 2010
System Score: N/A
Location: US
Last edited on 10th Mar, 2010 03:40
I'm not the OP, but see the same symptoms... Location is "N/A"

_/_/_/_/_/_/_/_/_/_/_/_/_/_/

EDIT: In my case you guys were ahead of Microsoft... I ran windows update again tonight and up came the updates necessary to clear the warning
davisj RE: Vista SP2 false positive?
Member 10th Mar, 2010 12:43
Score: -9
Posts: 19
User Since: 30th May 2009
System Score: N/A
Location: UK
Hi wr

I do use the advanced interface and had looked up the technical details. The problem is that it simply reports the version detected as Service Pack 2 with no other path information. I had some more MS updates this morning but the problem is still there, so I'm at a loss to know what to do.
davisj RE: Vista SP2 false positive?
Member 10th Mar, 2010 12:49
Score: -9
Posts: 19
User Since: 30th May 2009
System Score: N/A
Location: UK
Hi busbar

I ran MS Update again this morning but no luck! If the latest updates cleared the problem for you, can you let me know what patches you applied?

Thanks in advance

PS I do have the following two updates which seem to be repeatedly applied: KB977165 and KB970236. Could that have anything to do with it?
wr RE: Vista SP2 false positive?
Contributor 10th Mar, 2010 19:55
Score: 308
Posts: 739
User Since: 30th Mar 2008
System Score: 100%
Location: US
Please try this:

Click Start > All Programs > Windows Update, click Check for updates, then Install updates.

Remember this is Windoze, you will probably have to restart to properly install the updates even if not prompted to do so, maybe even more than once.

Hope this helps.

Regards, wr

--
HP Pavilion Slimline s3020n
Windows Vista Home Premium SP2 32 bit
AMD 64 Athlon X2
Firefox 31.3.0 ESR
The weakest link of a computer system is always sitting in front of the monitor.
ddmarshall RE: Vista SP2 false positive?
Dedicated Contributor 10th Mar, 2010 21:37
Score: 1219
Posts: 971
User Since: 8th Nov 2008
System Score: 98%
Location: UK
Do you mean those updates are not shown as successfully installed?

KB977165 caused some (mainly XP) systems to bluescreen last month. It turned out that these systems had a rootkit infection. Microsoft reissued it with additional logic to prevent it installing on infected systems. Quote from Microsoft:

Why was this bulletin revised on March 2, 2010?
Microsoft revised this bulletin to announce the offering of revised packages on Windows Update for the MS10-015 update. This revision is due to a change in the package installation logic that prevents the installation of the security update if certain abnormal conditions exist on a system. These abnormal conditions on a system could be the result of an infection with a computer virus that modifies some operating system files, which renders the infected computer incompatible with the MS10-015 update. In some instances, installing security update MS10-015 on an infected computer could cause the computer to restart repeatedly. For more information about this issue, see the following Web page. This is a change to the package installation logic on updates distributed through Windows Update only; there were no changes to the security update binaries or to the Windows Update detection logic. The updates available on the Microsoft Download Center have not changed and do not contain this new package installation logic. Customers who have already successfully updated their systems, including customers with automatic updating enabled, do not need to take any action. Customers with automatic updating enabled, who have not installed this update previously, should consider applying the update at the earliest opportunity.

As this is a security update, you would be entitled to free support from Microsoft if you have problems installing it.

--
This answer is provided “as-is.” You bear the risk of using it.
davisj RE: Vista SP2 false positive?
Member 11th Mar, 2010 16:09
Score: -9
Posts: 19
User Since: 30th May 2009
System Score: N/A
Location: UK
Hi ddmarshall

Both the updates are shown as having been installed successfully. But they are repeatedly offered by MS Update, and have been installed a number of times when MS Update was set to automatic - I now apply updates manually! Also, I know how to hide updates if they are repeated.

I have thought of uninstalling the latest updates and reinstalling. But, although the updates I refer to are shown as successfully installed under update history, they do not appear under >program features>. So I can't uninstall them! Incidentally they show up as installed by the freeware product Software Inspector for Windows.

Any ideas? Don't you just love Microsoft!
davisj RE: Vista SP2 false positive?
Member 11th Mar, 2010 16:11
Score: -9
Posts: 19
User Since: 30th May 2009
System Score: N/A
Location: UK
Hi wr

Thanks - I tried that but still no joy. The updates are shown as successfully installed both before and after restart, but PSI still shows up as insecure.

Btw, see also my reply to ddmarshall above.
ddmarshall RE: Vista SP2 false positive?
Dedicated Contributor 11th Mar, 2010 16:51
Score: 1219
Posts: 971
User Since: 8th Nov 2008
System Score: 98%
Location: UK
Perhaps Secunia is looking in the same place as Microsoft and thinking that the updates are not installed.

On my Vista SP2 system if I go to Programs and Features, select View installed updates, I can see KB977165 and KB972036 (not KB970236) and can select them for uninstallation.
There is obviously something wrong with your update process.

You could try this fix:

http://support.microsoft.com/kb/971058/en-us

or try to get hold of an Update expert on this Forum:

http://social.answers.microsoft.com/Forums/en-US/v...


--
This answer is provided “as-is.” You bear the risk of using it.
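
One way to check the mismatch discussed in this thread, where Update History reports an update as installed but it does not appear under installed updates. This is an added example, not part of any forum post; it assumes Windows PowerShell is available on the machine and uses the KB numbers mentioned above.

```powershell
# Added example (not from the thread): compare what Windows Update *history*
# records with what the system actually reports as installed.
# The KB numbers are the ones discussed in this thread.
$kbs = 'KB977165', 'KB972036'

# "Installed updates" view (Win32_QuickFixEngineering), read via Get-HotFix.
$installed = @(Get-HotFix | ForEach-Object { $_.HotFixID })

# "Update history" view, read via the Windows Update Agent COM API.
$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
$total    = $searcher.GetTotalHistoryCount()
$history  = @()
if ($total -gt 0) { $history = @($searcher.QueryHistory(0, $total)) }

foreach ($kb in $kbs) {
    # Operation 1 = installation; ResultCode 2 = succeeded.
    $ok = @($history | Where-Object {
        $_.Title -match $kb -and $_.Operation -eq 1 -and $_.ResultCode -eq 2
    })
    New-Object PSObject -Property @{
        KB                 = $kb
        InInstalledUpdates = ($installed -contains $kb)
        SuccessfulInstalls = $ok.Count
        LastHistoryDate    = ($ok | Sort-Object Date |
                              Select-Object -Last 1 -ExpandProperty Date)
    }
}
```

A KB that shows several successful installs in history while InInstalledUpdates is False matches the symptom of an update being offered and "installed" repeatedly.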
davisj RE: Vista SP2 false positive?
Member 11th Mar, 2010 19:44
Score: -9
Posts: 19
User Since: 30th May 2009
System Score: N/A
Location: UK
Thanks ddmarshall

I tried the MS fix but no joy. I've also posted the problem on the forum you suggested and will see what comes of it. In the meantime I've also posted the problem under the Secunia advisory number SA38791 in the hope that it might attract the attention of Secunia. I've followed the advisory through to the patch suggested by MS but it reports that it doesn't apply to my system. So it seems there is a conflict.
Busbar RE: Vista SP2 false positive?
Member 11th Mar, 2010 20:17
Score: 1
Posts: 2
User Since: 9th Mar 2010
System Score: N/A
Location: US
Last edited on 11th Mar, 2010 20:18
FWIW I believe that KB973917 was responsible for clearing this alert on my machine. At the time of that update I also installed KB890830, KB905866, and KB975561...
wr RE: Vista SP2 false positive?
Contributor 12th Mar, 2010 03:06
Score: 308
Posts: 739
User Since: 30th Mar 2008
System Score: 100%
Location: US
@davisj

The only 2 things I can think of are:
1. you need to do a full system scan
2. you have 'hidden' patches that haven't been installed. M$ does 'trawl' your pc for Windoze programs so that the proper updates can be offered/installed.

Be doubly sure that ALL critical updates have been installed to ALL Windoze programs - even if you don't use them or maybe uninstalled & some remnants were left behind.

Hope this helps.

wr



--
HP Pavilion Slimline s3020n
Windows Vista Home Premium SP2 32 bit
AMD 64 Athlon X2
Firefox 31.3.0 ESR
The weakest link of a computer system is always sitting in front of the monitor.
ddmarshall RE: Vista SP2 false positive?
Dedicated Contributor 12th Mar, 2010 15:49
Score: 1219
Posts: 971
User Since: 8th Nov 2008
System Score: 98%
Location: UK
Do you see anything when you select "View installed updates" on the Programs and Features window or "Installed Updates" in blue on the Update History window?

This is a long shot:

http://support.microsoft.com/kb/971187

I hope you have your personal data backed up.

--
This answer is provided “as-is.” You bear the risk of using it.
davisj RE: Vista SP2 false positive?
Member 13th Mar, 2010 18:11
Score: -9
Posts: 19
User Since: 30th May 2009
System Score: N/A
Location: UK
Thanks ddmarshall

I tried the fix under the link you provided but no joy. I note that you say I am entitled to free support from Microsoft as it's a security fix so I'll probably try that route.
davisj RE: Vista SP2 false positive?
Member 13th Mar, 2010 18:13
Score: -9
Posts: 19
User Since: 30th May 2009
System Score: N/A
Location: UK
Hi busbar

I tried the download you suggested but it reports that it does not apply to my system. Thanks anyway.
puget1 RE: Vista SP2 false positive?
Member 13th Mar, 2010 21:29
Score: 0
Posts: 551
User Since: 21st Dec 2007
System Score: N/A
Location: US
Last edited on 13th Mar, 2010 22:11
http://xforce.iss.net/xforce/xfdb/55929 This explains the vulnerability a little better. It is possible that you may have to download MS10-013 before the corrected file that ddmarshall refers to. Most platforms are just that and require a foundation or layer for the next. Here is a further forum on the subject:
http://secunia.com/community/forum/thread/show/348... Some security features can interfere with downloads, actually saying they're downloaded and installed when they are not. If you are using Firefox and add-ons, NO Scripts and Cookie control are notorious for this. I don't recall you stating what browser you are using?
The problem is any kind of streaming video. A possible workaround would be to download a multimedia player such as vlc. Although you cannot uninstall windows media player you could make vlc your default media player. This is untested and a suggestion only!!! Whether Secunia will be tricked by this is another matter, and mind you vlc has its problems too.

--
Gone to Linux permanently
This user no longer exists RE: Vista SP2 false positive?
Member 15th Mar, 2010 08:52
Hi,

Vista updates usually aren't shown in Windows Update (the website) but need to be installed via Microsoft Update. This program can be launched from Start. After running it, please reboot, run the program again (as some Microsoft Updates need several rounds to install), then rescan with the PSI.

Hope this helps.
wr RE: Vista SP2 false positive?
Contributor 17th Mar, 2010 21:31
Score: 308
Posts: 739
User Since: 30th Mar 2008
System Score: 100%
Location: US
Thread started 09March2010-last reply 15March2010 with NO response
from OP as of 17March2010. Unsubscribing & gone fishing.

wr

--
HP Pavilion Slimline s3020n
Windows Vista Home Premium SP2 32 bit
AMD 64 Athlon X2
Firefox 31.3.0 ESR
The weakest link of a computer system is always sitting in front of the monitor.
davisj RE: Vista SP2 false positive?
Member 18th Mar, 2010 18:42
Score: -9
Posts: 19
User Since: 30th May 2009
System Score: N/A
Location: UK
Hi E Petersen

I don't have Microsoft Update on my Vista system. The equivalent is Windows Update which provides updates for all products. The problem is that the security patch referred to by PSI isn't offered by Windows Update. If I try to download manually from M$ KB the patch is reported as not applying to my system.

See my other thread - http://secunia.com/community/forum/thread/show/373...
Any suggestions gratefully accepted.
puget1 RE: Vista SP2 false positive?
Member 19th Mar, 2010 03:38
Score: 0
Posts: 551
User Since: 21st Dec 2007
System Score: N/A
Location: US
Last edited on 19th Mar, 2010 03:59
You have to go to the appropriate sites (MS update, Windows update) and check the definitions numbers out per the bulletin numbers given. If the definitions correspond and are shown as installed and are current to what we have told you, then uninstall psi. Upon the uninstall, shut down the machine and wait 30 seconds, then boot and re-install psi and "run scan" and re-enter your profile. It should upon the re-scan now show that you are current with a 100%. If you have media direct as I do, you probably already have the appropriate definitions installed, which is why you're being told that the definition file can't be installed. Have you checked to see that the movie maker software doesn't need updating in and of itself? Do you have Filehippo installed?

--
Gone to Linux permanently
davisj01 RE: Vista SP2 false positive?
Member 19th Mar, 2010 15:53
Score: 0
Posts: 4
User Since: 26th Aug 2009
System Score: N/A
Location: N/A
Hi puget1

I've tried re-installing PSI and Filehippo shows no outstanding updates that might be relevant. PSI is reporting the need for a patch that M$ say does not apply to my system. So it's a bit Catch 22! See my other thread for more details - http://secunia.com/community/forum/thread/show/373...
puget1 RE: Vista SP2 false positive?
Member 19th Mar, 2010 19:33
Score: 0
Posts: 551
User Since: 21st Dec 2007
System Score: N/A
Location: US
Last edited on 19th Mar, 2010 19:50
You know, you have done everything possible. Maybe radical is the solution. If you don't use the movie maker (in my case it was Avi buffer something, part of media player), I would uninstall "it" ("movie maker") and then try a reinstall of the movie maker (if you want it). MAYBE they have updated the program and it will clear psi. Had a similar problem with Ad-Aware causing a problem which couldn't be fixed until they updated their program. The biggest stumbling block is the fact that it's a third party install. Microsoft help won't get involved. If you choose this course, clear out everything - program files and reg edit - then shut down to clear ocx files, re-boot and go from there. It is upsetting to be told that your whole O/S is defunct until you can find out what the problem is. I would hope that Secunia will come up with a better way of alerting other than "Vista SP2 insecure"; it is alarming to say the least. You can as a last act of exhaustion use your ignore rule (I know).

--
Gone to Linux permanently
davisj01 RE: Vista SP2 false positive?
Member 19th Mar, 2010 20:04
Score: 0
Posts: 4
User Since: 26th Aug 2009
System Score: N/A
Location: N/A
Hi puget1

The problem is that Movie Maker is bundled with Vista and there is no way of uninstalling - or, at least none that I have found. I've put the problem to M$ support but I guess that's a triumph of hope over experience.

Thanks anyway
puget1 RE: Vista SP2 false positive?
Member 19th Mar, 2010 23:45
Score: 0
Posts: 551
User Since: 21st Dec 2007
System Score: N/A
Location: US
Last edited on 19th Mar, 2010 23:54
http://www.thesofthelp.com/2009/08/windows-live-mo...

Here is a site about potential changes in movie maker (if you get page not found, click on blog). Have you gone to Google for all info regarding this anomaly?

I don't know, but here is another link: http://www.howtogeek.com/forum/topic/windows-movie... Basically, they say to shut it down at the default level.

--
Gone to Linux permanently
davisj RE: Vista SP2 false positive?
Member 22nd Mar, 2010 17:21
Score: -9
Posts: 19
User Since: 30th May 2009
System Score: N/A
Location: UK
Hi All

FIXED AT LAST. Re-scanned with PSI today and the problem was gone. So it was a false positive after all. KB975561 is definitely not installed on my system. See post to my other thread on the same topic: http://secunia.com/community/forum/thread/show/373...
FriendyAnil RE: Vista SP2 false positive?
Member 22nd Mar, 2010 17:43
Score: 0
Posts: 1
User Since: 22nd Mar 2010
System Score: N/A
Location: IN
Last edited on 22nd Mar, 2010 17:49
Vista really has trouble with re-detecting hardware, I have 4 LAN connections and 6 soundcards now… (really just one of each of course)