|block_copy||My PSI does not detect missing XP patches|
|20th Nov, 2010 00:51|
User Since: 20th Nov, 2010
System Score: N/A
Hi all and thanks for your advice. I am cleaning up a middle-aged laptop that has not been used for some time. It previously had XP SP2 on it. I installed SP3 today but have not installed any post-SP3 patches. I also downloaded both Secunia PSI 188.8.131.52 (direct from secunia.com) and Belarc Advisor (from belarc.com) today to get other opinions besides Microsoft's about what
OS patches I need most.
MS's own Windows Update site says I need 87 "high priority" updates and patches. Belarc counts 61 "critical" and "high priority" updates needed. PSI, by contrast, just says "This installation of Microsoft Windows XP Professional was detected as being patched...No further actions are currently needed." If PSI is supposed to detect needed Windows patches at a finer grain than just service patch level, it isn't doing it for me. Other aspects of the program appear to be working fine (the older versions of Adobe Reader and Flash on this laptop are correctly called out as insecure, for instance.)
Have I installed or configured PSI wrong? "Show only easy-to-patch programs" is not checked, and there are no ignore rules.
Thanks for any and all advice!
|Anthony Wells||RE: My PSI does not detect missing XP patches|
|20th Nov, 2010 11:44|
User Since: 19th Dec 2007
System Score: N/A
For the PSI to correctly read M$ it needs to be able to connect to it's sources ; so IE (the embedded bit) needs to be correctly configured to reach both the Secunia servers and the M$ site :-
It needs to get out of your Firewall and back in ; but most importantly for M$ patches to show you must run a full scan with no errors shown in the log on the PSI's scan page .
After any M$ patch , you need to reboot (or sometimes/on occasion cold restart) for their validation to "kick in" ; the cycle of patch , reboot , return to M$ updates needs to be repeated until there is nothing offered at M$ for your system . Scanning may/will take time for the PSI display to adjust to your system - so rescanning before every/all updating is complete may add to the confusion . Even when the M$ update shield appears in your Task bar , the PSI needs you to run a full scan to catch up .
If in any doubt , I tend to rely on the Belarc results ; with the caveat that they seem to need 24/48 hours to offer their signature update after say a patch Tuesday .
Not sure if that answers your question entirely , but hope it helps .
It always seems impossible until its done.
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.