Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Microsoft Updates Not Reported Properly by PSI 2.0?

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
joe schmoe Microsoft Updates Not Reported Properly by PSI 2.0?
Member 10th Feb, 2011 08:57
Ranking: 32
Posts: 130
User Since: 26th Nov, 2008
System Score: N/A
Location: US
Running XP Home SP3, PSI 2.0.0.3001.

Was in limited user and when I went to restart my system, the Start/close dialog box indicated I should choose shutdown to install MS updates. Somehow I lost track of the time of the month, and was unaware the second Tuesday had come and gone. Dialog box said do not power off or unplug the computer and a total of nine updates were installed before the computer shut down.

Does running in limited user mode necessitate MS install updates this way?

I did not see the gold shield in the system tray as I usually do when these updates occur. I also notice that PSI is only reporting six updates instead of nine. ??? Possibly some updates are redundant here?

Belarc Advisor shows eight, as follows: KB2482017-IE8, KB2393802, KB2476687, KB2478960, KB2478971, KB2479628, KB2483185, KB2485376.

What is the missing KB update I am not seeing here?

Thanks,

joe schmoe

--
XP Pro SP3 P4 3.2 HT 2 GB RAM Avast! 9.0.2007 AIS
Win 7 Home Pro SP1 Pentium D 2.8 2 GB RAM Avast 9.0.2007 AIS
Secunia PSI 2.0.0.3003 XP Pro 32-bit & Win 7 H Pro 64-bit

Maurice Joyce RE: Microsoft Updates Not Reported Properly by PSI 2.0?
Handling Contributor 10th Feb, 2011 11:18
Score: 11312
Posts: 8,726
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Joe,
Take a look at what MBSA is saying.

MICROSOFT BASELINE SECURITY ANALYSER (MBSA)

If U are having difficulty confirming the status of Microsoft updates installed on your PC U may wish to install MBSA.

It scans a PC, highlights general security features that were checked, in particular missing Microsoft hot fixes (patches), with additional links to fixes or help lines.

More details & the download link are here:

http://technet.microsoft.com/en-us/security/cc1849...

Update 1 23:32 25/01/2011




--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
JerryJ RE: Microsoft Updates Not Reported Properly by PSI 2.0?
Member 10th Feb, 2011 11:29
Score: 11
Posts: 1
User Since: 10th Feb 2011
System Score: N/A
Location: UK
There seems to have been some problems with KB2393802. See http://social.technet.microsoft.com/Forums/en-US/w...

I tried Windows Update a few minutes ago after being advised by Secunia Scan that I had this patch missing from XP Home sp3. The patch did not show up as being necessary for my PC (fortunately, phew..!! by the sound of it.

Hope this helps
Was this reply relevant?
+11
-0
Maurice Joyce RE: Microsoft Updates Not Reported Properly by PSI 2.0?
Handling Contributor 10th Feb, 2011 11:35
Score: 11312
Posts: 8,726
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Jerry,
Thank U - that is very helpful to know.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
Anthony Wells RE: Microsoft Updates Not Reported Properly by PSI 2.0?
Expert Contributor 10th Feb, 2011 13:44
Score: 2384
Posts: 3,280
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 10th Feb, 2011 13:58
Hi ,

I too had quite a few/lot of problems in getting M$updates to custom install yesterday (between midday and 2pm (CET)) .

I ended up with the 9 priority KB's for XP SP3 and with two of them repeated as "auto-updates" ; as displayed in the download history !!

On going back to M$updates (more than once) , I was unable to get an optional XP update KB to display and make itself available for download and have not yet gone back .

PSI and Belarc are happy with all things M$ for the moment :)

Take care

Anthony

Ps: for Joe , the missing one is KB890830 which is the monthly malware checker and so is not seen as a security fix as such .

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
joe schmoe RE: Microsoft Updates Not Reported Properly by PSI 2.0?
Member 10th Feb, 2011 20:49
Score: 32
Posts: 130
User Since: 26th Nov 2008
System Score: N/A
Location: US
Anthony & JerryJ,

Thank you for your feedback. Problems with KB updates can cause unanticipated problems, i.e., a font update resulting in a loss of network connectivity. Learned a bit from that there.

As for MBSA install and running, really not necessary as just merely going to windows update and checking history will show all new updates and their status. You were right, Anthony, in that the missing update was MS malware checker.

MBSA is a useful tool but maybe not pertinent in this situation.

Still showing only six updates, though, in PSI. Also, question re updating in limited user mode was not really addressed.

joe schmoe

--
XP Pro SP3 P4 3.2 HT 2 GB RAM Avast! 9.0.2007 AIS
Win 7 Home Pro SP1 Pentium D 2.8 2 GB RAM Avast 9.0.2007 AIS
Secunia PSI 2.0.0.3003 XP Pro 32-bit & Win 7 H Pro 64-bit
Was this reply relevant?
+0
-0
Anthony Wells RE: Microsoft Updates Not Reported Properly by PSI 2.0?
Expert Contributor 11th Feb, 2011 14:41
Score: 2384
Posts: 3,280
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 11th Feb, 2011 15:00
Hi Joe ,

Sorry to be late back , very occupied atm .

If M$updates history gives you nine KB's and Belarc the eight plus/minus the Malware tool , then PSI only getting six right is not really a problem - getting all 3 sources to agree does not always happen *** .

In case it may help others , you might want to report the two missing KB's in the PSI 's detection to support direct at support@secunia.com and let us know back here what they have to say .

As you seem to use the M$ "auto-updates" on your PC and that would have been set using your "normal XP/admin" account , they should run normally . Whether you are allowed to interact when in the limited user mode you have elected , I could not say , but you simply let the automatic installation run without intereference (best advice) anyway and reboot at the end - which if your limited mode does not allow you to react to the M$ Windows prompt , you can just reboot anyway .

Perhaps someone with some expertise might add to this , bur as far as I can see (myopically) your are up to date and tickety boo :))

Let us know how get on .

Anthony

***EDIT : another cross check is to see if you have the one IE and the seven (no malware tool) XP KB's listed in your PC's control panel/add-remove .

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+2
-0
joe schmoe RE: Microsoft Updates Not Reported Properly by PSI 2.0?
Member 11th Feb, 2011 18:10
Score: 32
Posts: 130
User Since: 26th Nov 2008
System Score: N/A
Location: US
Last edited on 11th Feb, 2011 18:27
Anthony,

Quite right to say auto-updates is "on" for Windows Updates. Just never was in limited user when updating occurred before, so looks as if what I saw is the procedure MS uses to install updates when in a limited account. Always used admin to update (most of the time manually) so I could see what was coming in.

I checked Add or Remove, and all the updates just posted are there,

A check of scan results did not show any KB installs listed; at least none that are recent or listed as such in Add or Remove.

So, at a loss as to how to tell support@secunia.com what KB's are missing. Maybe someone knows how to find this listing?

I counted the number of KB's in Add or Remove; I got 178 of them. Quite a few, I'd say.

Even though I cannot see a listing within PSI, I am going to post a query to Secunia to ask about the short listing I have for this month. If they choose to respond, I will post their answer here.

joe schmoe

--
XP Pro SP3 P4 3.2 HT 2 GB RAM Avast! 9.0.2007 AIS
Win 7 Home Pro SP1 Pentium D 2.8 2 GB RAM Avast 9.0.2007 AIS
Secunia PSI 2.0.0.3003 XP Pro 32-bit & Win 7 H Pro 64-bit
Was this reply relevant?
+0
-0
Anthony Wells RE: Microsoft Updates Not Reported Properly by PSI 2.0?
Expert Contributor 11th Feb, 2011 23:14
Score: 2384
Posts: 3,280
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 11th Feb, 2011 23:24
Hi Joe ,

I have never noticed a KB list in the PSI - presumably your's was part of the XP3 insecure listing on the results page and was related to a/several Secunia Advisory(ies)*** . It would disappear once you were/are up to date patch wise .

The C:\Program Files\Secunia\PSI\... folder contains both psialog and sualog files which may show you which KB's were installed , but honestly , it is probably not worth the effort of slogging through them unless you have too much idle time on your hands .

Let us know if Secunia come back next week .

Take care

Anthony

***EDIT : if you scroll this listing you will see that Secunia has only 6 SA's for Windows XP SP3 Home Edition since the January 2011 patch Tuesday :-

http://secunia.com/advisories/product/16/?task=adv...

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+2
-0
joe schmoe RE: Microsoft Updates Not Reported Properly by PSI 2.0?
Member 12th Feb, 2011 12:39
Score: 32
Posts: 130
User Since: 26th Nov 2008
System Score: N/A
Location: US
Last edited on 12th Feb, 2011 12:41
Hi Anthony,

Sorry if I was not clear. No listing is readily available for PSI re WSUS updates. I never had PSI tell me I was missing some updates, as I am much too conscientious for that.

Point is well made re # of updates; it does seem Secunia runs by their own Security Advisory listings rather than by what MS does or will do.

As this is the weekend, I do not expect Secunia support to respond before Monday at the earliest, but again, any response will be posted here.

I do not think it necessary to delve into the innards of PSI to find the answers I seek as that may not be necessary or relevant. You sometimes seem to be a fountain of information, so keep up the good word.

Thanks,

joe schmoe

--
XP Pro SP3 P4 3.2 HT 2 GB RAM Avast! 9.0.2007 AIS
Win 7 Home Pro SP1 Pentium D 2.8 2 GB RAM Avast 9.0.2007 AIS
Secunia PSI 2.0.0.3003 XP Pro 32-bit & Win 7 H Pro 64-bit
Was this reply relevant?
+0
-0
joe schmoe RE: Microsoft Updates Not Reported Properly by PSI 2.0?
Member 16th Feb, 2011 19:25
Score: 32
Posts: 130
User Since: 26th Nov 2008
System Score: N/A
Location: US
Last edited on 16th Feb, 2011 19:28
Anthony et al,

Following is a reply from Secunia explaining the difference between Secunia and other updating programs. Message is in italics (by me), otherwise, it is identical to message sent.

Hi
Thank you for contacting Secunia Support.

Secunia is about security and unlike most "updating programs" the
Secunia PSI will not tell you to update to a new version simply because
it is new. New does not necessarily equal secure. The PSI is a
vulnerability scanner and only if the new version closes a known
vulnerability in your currently installed version, will you be advised
to update.
Please take this into account when comparing the scanning results of the
PSI to other "update managers" etc.

Please let me know if you have any further questions or comments.

-
Kind regards,

Emil Jeppesen
Secunia PSI Support

Secunia PSI


As I did receive this on Monday, (kudos to Emil for quick and concise reply), sorry I did not post asap, busy w/other things here.

I think this does answer my question.

Note: Update to java/jre v. 1.6_24 just came in, and Secunia now shows seven updates for the month of February. I do note that this update file was digitally signed for February 3rd, however.

Thanks,

joe schmoe

--
XP Pro SP3 P4 3.2 HT 2 GB RAM Avast! 9.0.2007 AIS
Win 7 Home Pro SP1 Pentium D 2.8 2 GB RAM Avast 9.0.2007 AIS
Secunia PSI 2.0.0.3003 XP Pro 32-bit & Win 7 H Pro 64-bit
Was this reply relevant?
+1
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability