Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: My PSI does not detect missing XP patches

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
block_copy My PSI does not detect missing XP patches
Member 20th Nov, 2010 00:51
Ranking: 0
Posts: 1
User Since: 20th Nov, 2010
System Score: N/A
Location: US
Hi all and thanks for your advice. I am cleaning up a middle-aged laptop that has not been used for some time. It previously had XP SP2 on it. I installed SP3 today but have not installed any post-SP3 patches. I also downloaded both Secunia PSI 1.5.0.2 (direct from secunia.com) and Belarc Advisor (from belarc.com) today to get other opinions besides Microsoft's about what
OS patches I need most.

MS's own Windows Update site says I need 87 "high priority" updates and patches. Belarc counts 61 "critical" and "high priority" updates needed. PSI, by contrast, just says "This installation of Microsoft Windows XP Professional was detected as being patched...No further actions are currently needed." If PSI is supposed to detect needed Windows patches at a finer grain than just service patch level, it isn't doing it for me. Other aspects of the program appear to be working fine (the older versions of Adobe Reader and Flash on this laptop are correctly called out as insecure, for instance.)

Have I installed or configured PSI wrong? "Show only easy-to-patch programs" is not checked, and there are no ignore rules.

Thanks for any and all advice!

Anthony Wells RE: My PSI does not detect missing XP patches
Expert Contributor 20th Nov, 2010 11:44
Score: 2445
Posts: 3,337
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello ,

For the PSI to correctly read M$ it needs to be able to connect to it's sources ; so IE (the embedded bit) needs to be correctly configured to reach both the Secunia servers and the M$ site :-

http://secunia.com/vulnerability_scanning/personal...

It needs to get out of your Firewall and back in ; but most importantly for M$ patches to show you must run a full scan with no errors shown in the log on the PSI's scan page .

After any M$ patch , you need to reboot (or sometimes/on occasion cold restart) for their validation to "kick in" ; the cycle of patch , reboot , return to M$ updates needs to be repeated until there is nothing offered at M$ for your system . Scanning may/will take time for the PSI display to adjust to your system - so rescanning before every/all updating is complete may add to the confusion . Even when the M$ update shield appears in your Task bar , the PSI needs you to run a full scan to catch up .

If in any doubt , I tend to rely on the Belarc results ; with the caveat that they seem to need 24/48 hours to offer their signature update after say a patch Tuesday .

Not sure if that answers your question entirely , but hope it helps .

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer