navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: PSI didn't detect the latest MS patches that MBSA found

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
All Threads

This thread has been marked as locked.
cvalde PSI didn't detect the latest MS patches that MBSA found
Member 14th Jul, 2010 10:01
Ranking: 11
Posts: 22
User Since: 30th Jul, 2009
System Score: N/A
Location: CL
Strange, PSI has worked relatively well for more than a year. However, now it's one day after MS Patch Tuesday. MBSA 2.1 says I need to patch both XP's Help and Support Center and Office XP (I have only Outlook XP installed). I ran PSI, expected to see matching results with MBSA as in previous cases but now PSI says I'm fully patched. I downloaded the patches (I prefer to install them by hand) but I still don't apply them. Some hours later, with a new scan, PSI still says I'm fully patched.

What happened? Didn't Secunia have time to update the PSI database yet?

Windows XP, PSI v1.5.0.2.

This user no longer exists RE: PSI didn't detect the latest MS patches that MBSA found
Member 14th Jul, 2010 10:06
Hi,

Microsoft updates are usually a special case, as with this one. Frequently updates are timed to installed after a system reboot or similar, meaning that even when Microsoft Update show all updates installed, you're still a reboot short of actually finishing the installation.

Therefore it is highly recommended to reboot and rescan when experiencing any sort of problems with Microsoft patches.

hope this helps.
Was this reply relevant?
+0
-0
cvalde RE: PSI didn't detect the latest MS patches that MBSA found
Member 14th Jul, 2010 10:47
Score: 11
Posts: 22
User Since: 30th Jul 2009
System Score: N/A
Location: CL
It seems you don't understand.

I didn't install any patches yet.
MBSA says I need to patch my system.
PSI says I don't need any patch.

The problem is not that PSI considers me at risk after patching. The problem is that PSI is not finding the updates provided by MS for my system. It considers me in a safe state when I know I need to install the patches to become safe.
Was this reply relevant?
+1
-0
This user no longer exists RE: PSI didn't detect the latest MS patches that MBSA found
Member 14th Jul, 2010 10:55
Hi,

The PSI uses MIcrosoft's KB numbers to update Microsoft software, so manual intervention is usually unnesseracy. Have you tried running a new full scan? Does the PSI still show no patches available? And if so, could you please post the KB numbers of the detected threat here?
Was this reply relevant?
+0
-0
cvalde RE: PSI didn't detect the latest MS patches that MBSA found
Member 14th Jul, 2010 12:27
Score: 11
Posts: 22
User Since: 30th Jul 2009
System Score: N/A
Location: CL
MBSA says the computer needs:

MS10-045 Security Update for Microsoft Outlook 2002 (KB980371)
http://support.microsoft.com/kb/980371
http://www.microsoft.com/technet/security/bulletin...
http://www.microsoft.com/downloads/details.aspx?fa...

and

MS10-042 Security Update for Windows XP (KB2229593)
http://support.microsoft.com/kb/2229593
http://www.microsoft.com/technet/security/Bulletin...
http://www.microsoft.com/downloads/details.aspx?fa...

The computer was turned on just to detect and install the MS patches. I ran MBSA and a PSI scan as usual, so I don't see the need to reboot.
Was this reply relevant?
+1
-0
This user no longer exists RE: PSI didn't detect the latest MS patches that MBSA found
Member 14th Jul, 2010 12:54
Last edited on 14th Jul, 2010 12:54 Hi,

Our rules seem to corrospond with this KB. Our rules are based on file version information, and currently to be secure with regards to Outlook, you need to have version 10.0.6838.0 of the file Outlook.exe. This is what is stated in the Microsoft knowledge base (http://support.microsoft.com/kb/980371) as well as specified by our rules.

If you locate the file and right-click it, you should be able to see the version of the file. If the file corrosponds to the lastest secure version as specified by Microsoft, you should have the latest secure version installed. Please paste this version number here, so we can identify possible cause.
Was this reply relevant?
+0
-0
Anthony Wells RE: PSI didn't detect the latest MS patches that MBSA found
Expert Contributor 14th Jul, 2010 21:14
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

@cvalde ,

Whilst waiting for Emil Petersen to get back tomorrow , I have had occasion where the PSI did not record M$ updates with a full scan because of (in my case) software firewall security settings preventing in/out access to the update website .

A record of an error "should" appear in the "error log" of the "scan" tab (on occasion it does not) .

Have you changed any system/security settings recently ??

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-1
cvalde RE: PSI didn't detect the latest MS patches that MBSA found
Member 15th Jul, 2010 10:47
Score: 11
Posts: 22
User Since: 30th Jul 2009
System Score: N/A
Location: CL
http://support.microsoft.com/kb/980371
says that Outlook.exe should be at version 10.0.6863.0

The file version in my computer is 10.0.6856.0 and then MBSA flagged it as needing update.

For the other update,
http://support.microsoft.com/kb/2229593
states that helpsvc.exe should be at either version 5.1.2600.3720 or 5.1.2600.5997 but mine is 5.1.2600.5512 and hence it was tagged as needed updating.

Some minutes ago I did a full scan with PSI. It doesn't report any error, the Firewall didn't block it, but it still doesn't detect any update.

Now the automatic updates yellow tray icon has appeared, identifying the same patches that I downloaded manually and that I still didn't apply, to give PSI a last chance.
Was this reply relevant?
+1
-0
This user no longer exists RE: PSI didn't detect the latest MS patches that MBSA found
Member 15th Jul, 2010 12:30
Hi,
I've changed our rule for Outlook 2002 - Could you tell me if a rescan properly flags it now?

The PSI gets information about security patches for the operating system directly from Microsoft Update. If you are running XP service pack 2 or earlier, you will probably be unable to access Microsoft Update, since Microsoft dropped support for this OS a few days ago.
Was this reply relevant?
+0
-0
cvalde RE: PSI didn't detect the latest MS patches that MBSA found
Member 15th Jul, 2010 14:13
Score: 11
Posts: 22
User Since: 30th Jul 2009
System Score: N/A
Location: CL
The full scan effectively found the Outlook 2002 patch now.
The Help and Support Center patch is not detected, however.

This is XP SP3 with all the patches and improvements suggested by MBSA and PSI.
Was this reply relevant?
+1
-0
metaed RE: PSI didn't detect the latest MS patches that MBSA found
Member 15th Jul, 2010 16:47
Score: 1
Posts: 110
User Since: 11th Feb 2009
System Score: 100%
Location: US
I can reproduce the problem with detection of security vulnerability KB2229593.

According to http://support.microsoft.com/kb/2229593, a high priority security patch should be applied to an XP Pro SP3 system that does not have rev 5.1.2600.5997 of HELPSVC.EXE.

I have a system with Windows XP Pro SP3 on which this patch has not been applied, and HELPSVC.EXE is at rev 5.1.2600.5512.

PSI 1.5.0.2 runs without interference from firewalls and so on, but does not detect that the patch is needed.

(I originally reported this at http://secunia.com/community/forum/thread/show/476... Thank you Maurice for the redirect.)

Cheers,

Edward

--
Sometimes they fool you by walking upright.
Was this reply relevant?
+1
-0
This user no longer exists RE: PSI didn't detect the latest MS patches that MBSA found
Member 16th Jul, 2010 09:54
Last edited on 16th Jul, 2010 09:54 Hi,

If you rescan again, the PSI should show the threat properly. Please let me know if it worked.
Was this reply relevant?
+0
-0
cvalde RE: PSI didn't detect the latest MS patches that MBSA found
Member 16th Jul, 2010 10:34
Score: 11
Posts: 22
User Since: 30th Jul 2009
System Score: N/A
Location: CL
Now it found the two vulnerabilities.
I patched them. Although I wasn't requested to reboot, I did.
A new rescan shows both Outlook and Windows are patched.
Thanks.
Was this reply relevant?
+1
-0
metaed RE: PSI didn't detect the latest MS patches that MBSA found
Member 16th Jul, 2010 17:06
Score: 1
Posts: 110
User Since: 11th Feb 2009
System Score: 100%
Location: US
on 16th Jul, 2010 09:54, wrote:
If you rescan again, the PSI should show the threat properly. Please let me know if it worked.


It worked. A rescan on the system with Windows XP Pro SP3 and HELPSVC.EXE at rev 5.1.2600.5512 is now raising an alert about patch KB2229593.

A rescan after applying the patch reports all vulnerabilities as patched.

Cheers,

Edward

--
Sometimes they fool you by walking upright.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+