Secunia
kxxxk | SA40647 / MS10-046 / KB2286198 is patched, but PSI says "no"

5th Aug, 2010 04:50

Ranking: 0 Posts: 8 User Since: 8th Jan, 2009 System Score: N/A Location: N/A

This vulnerability is the .lnk hole. Aug 3, 2010, I used Microsoft Update and also downloaded and installed from the Microsoft ms10-046.mspx page (Win XP SP3). "Add or Remove Programs" lists "Security Update for Windows XP (KB2286198)". PSI scans are made without any external drives attached and only one installation of Win XP SP3 is on my computer's hard drive. Even so, PSI scans repeatedly flag the above vulnerability. Rebooting and rescanning does not help. As with previous Win XP vulnerabilities there is no file location (Installation Path) information in the PSI scan results, but no PSI scans of previous patched(?) Win XP vulnerabilities behaved this way. Any ideas?

Maurice Joyce | RE: SA40647 / MS10-046 / KB2286198 is patched, but PSI says "no"

5th Aug, 2010 14:37

Score: 10539 Posts: 8,115 User Since: 4th Jan 2009 System Score: 100% Location: UK

I think U may have this problem: http://secunia.com/community/forum/thread/show/497... Try the reinstall like my advice suggests on one of the posts then a full rescan. Has that fixed it?

-- Maurice
Windows 7 SP1 64 Bit OS HP Intel Pentium i7 IE 10 for Windows 7 SP1 16GB RAM

kxxxk | RE: SA40647 / MS10-046 / KB2286198 is patched, but PSI says "no"

6th Aug, 2010 01:41

Score: 0 Posts: 8 User Since: 8th Jan 2009 System Score: N/A Location: N/A

Uninstalled PSI Version 1.5.0.2. Reinstalled Version PSI 1.5.0.2. Did a full scan. Same result as before: PSI flags Win XP SP3 as insecure due to SA40647 / MS10-046 / KB2286198 while "Add or Remove Programs" lists "Security Update for Windows XP (KB2286198)" as present, as it should be because of an earlier security update of . I checked, and Version 1.5.0.2 is the current version of PSI.

Hang on, I am working on something regarding this. I should report back shortly.

kxxxk | RE: SA40647 / MS10-046 / KB2286198 is patched, but PSI says "no"

6th Aug, 2010 02:32

Score: 0 Posts: 8 User Since: 8th Jan 2009 System Score: N/A Location: N/A

Indirect evidence seems to indicate that there is an error in the data PSI Version 1.5.0.2 uses in its scan. It appears that it may be that when a PSI scan detects the vulnerability in Win XP SP3 described by KB2229593, PSI puts out the message for the vulnerability described by KB2286198, instead.

The evidence for this is that I followed the recommendation of AskWoody.com at the time of my patching and patched the ".lnk" vulnerability (KB2286198) but did not patch the "Windows Help and Support Center" vulnerability (KB2229593 or MS10-042), waiting for Woody's "go ahead" on the latter. [Woody recommended immediate patching of the former, instead of the usual wait to see what the patch broke, due to the active pursuit of that vulnerability by the bad guys.] Note that those patching in the order the patches were issued by Microsoft would NOT see the following behavior.

Anyhow, patching for KB2286198, but NOT KB2229593, brought the PSI scan warning that the KB2286198 vulnerability still existed but NO warning of the KB2229593 vulnerability, which was not patched. Patching KB2229593 and repeating the PSI full scan REMOVED the KB2286198 warning.

Should the above explanation be found to not be the case, it should be noted that the Access 2003 patch (KB981716) and the Outlook 2003 patch (KB980373) were done simultaneously with the KB2229593 patch.

Please do let PSI users know if the above is a correct explanation. Thanks.

E.Jeppesen | RE: SA40647 / MS10-046 / KB2286198 is patched, but PSI says "no"

6th Aug, 2010 16:16

Score: 180 Posts: 512 User Since: 24th Nov 2008 System Score: N/A Location: Copenhagen, DK

kxxxk,

We are currently examining the course of the issue and if you'd like to assist us further I would appreciate a screenshot of the Insecure-tab in the PSI showing Microsoft Access 2003 and the "Version Detected" column. Please send to support@secunia.com