Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: M$ and PSI at it again

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
TiMow M$ and PSI at it again
Dedicated Contributor 13th Oct, 2010 17:12
Ranking: 737
Posts: 728
User Since: 26th Jun, 2009
System Score: N/A
Location: CH
Having completed a scan (to recognise Java u.22), PSI (1.5.0.2) reported 4 insecurities -
XP SP3 (2 times), IE8 and Windows Media Player; plus PowerPoint Viewer 2003 as End-of-LIfe.

M$ Update downloaded and installed 11 KB updates.
Re-boot and re-scan left only PPV 2003 as e-o-l. -- download solution went to PPV 2007, which was shown in All Programs (Start menu), but no change in PSI (after installation).

Re-boot and re-scan had XP SP3 insecure and PPV 2003 as e-o-l.

Re-checked M$ update, which offered 6 further KB updates, relating to M$ Office 2007 - 2 failed (Security Update for the 2007 Microsoft Office System (KB951944) and Security Update for Microsoft Office 2007 (KB951550)). I don't have the paid Office installed.

Re-boot and re-scan now listed .Net 1.x, .Net 1.1.x and .Net 2.x and XP SP3 as insecure, plus still PPV 2003 as e-o-l

M$ update now offered up a further 5 KB updates relating to M$ Office System and PPV 2007 (SP2)

N.B. All PSI scans 'til this point, showed, on completion, last full scan as 7 hrs. ago, giving the time of 7 hrs. previously.

Re-boot and re-scan now showed correct completion time (last scan 1 minute ago), no insecurities and PPV 2003 gone from e-o-l.

In total - 22 M$ KB updates (all manually instigated), numerous re-boots, re-scans - PSI falsely/inaccurately reporting some insecurities (there were no further .Net updates, and XP changed status several times with no further updates) - much messing about and time lost.

When M$ and PSI fall-out - just keep checking M$ updates, re-booting and re-scanning, over and over - but it's probably down to luck!

Hope this offers an insight into what some may still have to come.

TiMow

--
Computing is not yet a perfect science - it still requires humans.

Anthony Wells RE: M$ and PSI at it again
Expert Contributor 13th Oct, 2010 17:37
Score: 2439
Posts: 3,332
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello TiMow ,

For me the 11 KB's downloaded quite quickly via M$updates ->Custom install select all .

My PPV stand alone 2007 is up to date ; as I remember , when you upgrade from 2003 to 2007 you still get a raft of M$ Office updates .

Your problem (!?) as such probably arose from mixing the two jobs ; anyway when/after you upload M$ updates you need to reboot and then go back to M$ updates and repeat the process until no more KB's are offered , again reboot and do the cycle one more time - just for luck .

Only then is it the time to run the PSI , maybe even cold start first ; it's never going to keep up with you , as you have found out . The process is always going to take it's time , so you let it run it's course and then run the PSI or Belarc - make sure the latter is updated to the latest bulletin which is also not instantaneous .

Hope that helps clarify things a little .

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability