Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Secunia and Microsoft disagree :-)

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
mpersico Secunia and Microsoft disagree :-)
Member 17th Apr, 2010 19:32
Ranking: -2
Posts: 5
User Since: 16th Aug, 2008
System Score: N/A
Location: US
My PSI 1.5 on Win 7 64-bit that I just intalled from scratch this week is claiming that a whole suite of MS programs (IE, IE 64 bit, all programs in the the 2007 office suite and Win 7 itself) are insecure. Yet when I hit the Download Solutions button, up pops Windows Update which tells me there are no updates available. Please advise.

michaelsalis RE: Secunia and Microsoft disagree :-)
Member 17th Apr, 2010 20:59
Score: 57
Posts: 141
User Since: 18th Feb 2009
System Score: 98%
Location: UK
If you are not already doing so view Secunia psi in advanced mode by clicking advanced at the top right hand corner of the psi window.

If you are already using psi in advanced mode expand the entries and advise the links psi are giving for the insecure programs. Then you can start working out what is going on.

Michael

--
Michael
Toshiba Satelite A660
Intel i7
Windows 7 Ultimate
IE9

Toshiba Equium Laptop
Intel Centrino Duo
Windows Vista Ultimate SP2
IE9
Was this reply relevant?
+0
-0
gjjean RE: Secunia and Microsoft disagree :-)
Contributor 17th Apr, 2010 21:28
Score: 192
Posts: 197
User Since: 9th Apr 2010
System Score: 100%
Location: LB
Hi mPersico
Beside the advice of michaelsalis i would like that you OPEN the windows update page and click on “view update history “ to see if the latest Microsoft updates (as of 13/04/2010) are in place .
Hope that help.


--
HP pavilion DV6
Win 7 64bit - SP1
IE10 + MSSE4.3.215
Was this reply relevant?
+0
-0
mpersico RE: Secunia and Microsoft disagree :-)
Member 18th Apr, 2010 04:56
Score: -2
Posts: 5
User Since: 16th Aug 2008
System Score: N/A
Location: US
My Microsoft Update shows updates in place as of 15/04/2010. On that date, I show 13 different for Office 2007 and individual parts of Office 2007. So whatever secunia is complaining about is probably not fixed yet. Since I am not a heavy user of documents that are mailed to me, I'm not going to worry about it. If MS says I'm patched, then I'm patched...
Was this reply relevant?
+0
-0
taffy078 RE: Secunia and Microsoft disagree :-)
Contributor 18th Apr, 2010 08:06
Score: 408
Posts: 1,314
User Since: 26th Feb 2009
System Score: 100%
Location: UK
Last edited on 18th Apr, 2010 08:06
mpersico. Have you tried running Belarc Advisor? That will tell you of you've any MS missing updates.

http://www.belarc.com/free_download.html


(It was recommended by Anthony Wells here so it's "tried and trusted"!)

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0
mogs RE: Secunia and Microsoft disagree :-)
Expert Contributor 18th Apr, 2010 08:47
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
on 17th Apr, 2010 19:32, mpersico wrote:
My PSI 1.5 on Win 7 64-bit that I just intalled from scratch this week is claiming that a whole suite of MS programs (IE, IE 64 bit, all programs in the the 2007 office suite and Win 7 itself) are insecure. Yet when I hit the Download Solutions button, up pops Windows Update which tells me there are no updates available. Please advise.

Hello.
Does Secunia show the file paths to the insecurities it is detecting ? Of course IE has had a known vulnerability for ages, even tho' up to date as far as MS is concerned. Regards,


--
Was this reply relevant?
+0
-0
IrishJim RE: Secunia and Microsoft disagree :-)
Member 18th Apr, 2010 16:06
Score: 0
Posts: 3
User Since: 18th Apr 2010
System Score: N/A
Location: N/A
Last edited on 18th Apr, 2010 16:23
I experienced a problem like this for the first time this weekend, which is what brought me here.

XP SP3. Microsoft Update today (18th Apr 2010) with no updates hidden shows me fully patched. Specifically, my Update History in Windows Update shows Cumulative Security Update for Internet Explorer 8 for Windows XP (KB980182) correctly installed on 17th April. My Event Log shows no relevant errors or warnings.

I have run three full scans today since I installed the update yesterday.

PSI shows Internet Explorer 8.0.6001.18702 (which is my current version as reported by IE) with iexplore.exe in the directory where it does indeed live, with Last Inspection of Program as 10th April 2010, 20:32 CET - just over a week ago, despite the three scans I've run today. The Online References tag points me to http://secunia.com/advisories/38860/ which references MS10-018 (KB980182) which Microsoft confirms as being in place.

One of my three full scans was initiated by clicking on the Re-scan Program for this IE warning, and being required to run a full scan.

I have downloaded IE8-WindowsXP-KB980182-x86-ENU.exe as a standalone patch, but I don't want to apply it if this is, as I suspect, a false report by PSI.

Any ideas?

[Edited late observation, if it helps: PSI is showing all programs, patched or unpatched, as "Last Inspection of Program as 10th April 2010, 20:32 CET" although PSI's Scan tab shows "The last full system scan was conducted on: 18 Apr. 2010, 14:21". This would seem to suggest that my scans today "didn't take", for some reason. Might reinstalling PSI fix it?]


Was this reply relevant?
+0
-0
mpersico RE: Secunia and Microsoft disagree :-)
Member 18th Apr, 2010 21:27
Score: -2
Posts: 5
User Since: 16th Aug 2008
System Score: N/A
Location: US
@taffy078 - belarc shows up to date.
Was this reply relevant?
+0
-0
This user no longer exists RE: Secunia and Microsoft disagree :-)
Member 19th Apr, 2010 09:22
Hi,

Some Microsoft updates require you to reboot and rescan. Please try rebooting, then checking back with Windows Update. If it shows any updates, install these, reboot, and rescan again.

Hope this helps.
Was this reply relevant?
+0
-0
IrishJim RE: Secunia and Microsoft disagree :-)
Member 19th Apr, 2010 22:55
Score: 0
Posts: 3
User Since: 18th Apr 2010
System Score: N/A
Location: N/A
Thanks, Emil. I rebooted, and went to Microsoft Update. It still told me I was fully up to date. I then ran a full PSI scan, and it still told me that IE needed the same patch. It also still says Last Inspection of Program:
10th Apr. 2010, 20:32 CET. I'll try uninstalling PSI.
Was this reply relevant?
+0
-0
IrishJim RE: Secunia and Microsoft disagree :-)
Member 20th Apr, 2010 00:18
Score: 0
Posts: 3
User Since: 18th Apr 2010
System Score: N/A
Location: N/A
Last response from me, I hope. Removing PSI, downloading and installing the latest version fixed my problem. PSI now recognises the current update.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability