Forum Thread: SA40647 / MS10-046 / KB2286198 is patched, but PSI says "no"

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
kxxxk SA40647 / MS10-046 / KB2286198 is patched, but PSI says "no"
Member 5th Aug, 2010 04:50
Ranking: 0
Posts: 8
User Since: 8th Jan, 2009
System Score: N/A
Location: N/A
This vulnerability is the .lnk hole. Aug 3, 2010, I used Microsoft Update and also downloaded and installed from the Microsoft ms10-046.mspx page (Win XP SP3). "Add or Remove Programs" lists "Security Update for Windows XP (KB2286198)". PSI scans are made without any external drives attached and only one installation of Win XP SP3 is on my computer's hard drive. Even so, PSI scans repeatedly flag the above vulnerability. Rebooting and rescanning does not help. As with previous Win XP vulnerabilities there is no file location (Installation Path) information in the PSI scan results, but no PSI scans of previous patched(?) Win XP vulnerabilities behaved this way.

Any ideas?

Maurice Joyce RE: SA40647 / MS10-046 / KB2286198 is patched, but PSI says "no"
Handling Contributor 5th Aug, 2010 14:37
Score: 11609
Posts: 8,906
User Since: 4th Jan 2009
System Score: N/A
Location: UK
I think you may have this problem:

http://secunia.com/community/forum/thread/show/497...

Try the reinstall like my advice suggests on one of the posts then a full rescan.

Has that fixed it?

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
kxxxk RE: SA40647 / MS10-046 / KB2286198 is patched, but PSI says "no"
Member 6th Aug, 2010 01:41
Score: 0
Posts: 8
User Since: 8th Jan 2009
System Score: N/A
Location: N/A
Uninstalled PSI Version 1.5.0.2. Reinstalled Version PSI 1.5.0.2. Did a full scan. Same result as before: PSI flags Win XP SP3 as insecure due to SA40647 / MS10-046 / KB2286198 while "Add or Remove Programs" lists "Security Update for Windows XP (KB2286198)" as present, as it should be because of an earlier security update of .

I checked, and Version 1.5.0.2 is the current version of PSI.

Hang on, I am working on something regarding this. I should report back shortly.
kxxxk RE: SA40647 / MS10-046 / KB2286198 is patched, but PSI says "no"
Member 6th Aug, 2010 02:32
Score: 0
Posts: 8
User Since: 8th Jan 2009
System Score: N/A
Location: N/A
Indirect evidence seems to indicate that there is an error in the data PSI Version 1.5.0.2 uses in its scan. It appears that it may be that when a PSI scan detects the vulnerability in Win XP SP3 described by KB2229593, PSI puts out the message for the vulnerability described by KB2286198, instead.

The evidence for this is that I followed the recommendation of AskWoody.com at the time of my patching and patched the ".lnk" vulnerability (KB2286198) but did not patch the "Windows Help and Support Center" vulnerability (KB2229593 or MS10-042), waiting for Woody's "go ahead" on the latter. [Woody recommended immediate patching of the former, instead of the usual wait to see what the patch broke, due to the active pursuit of that vulnerability by the bad guys.] Note that those patching in the order the patches were issued by Microsoft would NOT see the following behavior.

Anyhow, patching for KB2286198, but NOT KB2229593, brought the PSI scan warning that the KB2286198 vulnerability still existed but NO warning of the KB2229593 vulnerability, which was not patched. Patching KB2229593 and repeating the PSI full scan REMOVED the KB2286198 warning. Should the above explanation be found to not be the case, it should be noted that the Access 2003 patch (KB981716) and the Outlook 2003 patch (KB980373) were done simultaneously with the KB2229593 patch.

Please do let PSI users know if the above is a correct explanation. Thanks.
E.Jeppesen RE: SA40647 / MS10-046 / KB2286198 is patched, but PSI says "no"
Secunia Official 6th Aug, 2010 16:16
Score: 220
Posts: 618
User Since: 24th Nov 2008
System Score: N/A
Location: Copenhagen, DK
kxxxk,
We are currently examining the course of the issue and if you'd like to assist us further I would appreciate a screenshot of the Insecure-tab in the PSI showing Microsoft Access 2003 and the "Version Detected" column.
Please send to support@secunia.com
