Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Is PSI 2.0 missing patches in XP?

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
cvalde Is PSI 2.0 missing patches in XP?
Member 15th Jun, 2011 04:47
Ranking: 11
Posts: 22
User Since: 30th Jul, 2009
System Score: N/A
Location: CL
Hello, this is the troubleshoot report generated by PSI 2.0:

---START---

Program Name:
Microsoft Windows XP Professional

Security State:
Insecure

Download Link:
http://update.microsoft.com/microsoftupdate/

Missing Microsoft Patches (KB numbers):
KB2536276
KB2476490
KB2503665

Instances Found:

Last System Scan (localtime):
14. Jun 2011, 17:13

Operating System:
Microsoft Windows XP Professional, XP

---END---

What's strange is the low number of missing patches! I ran MBSA 2.2 and it found much more. I copied here only the missing entries from the MBSA report:

Issue: Developer Tools, Runtimes, and Redistributables Security Updates
Score: Check failed (critical)
Result: 6 security updates are missing.

Security Updates

| MS11-049 | Missing | Security Update for Microsoft Visual Studio 2005 Service Pack 1 XML Editor (KB2251481) | Important |
| MS11-025 | Missing | Security Update for Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package (KB2538242) | Important |
| MS11-025 | Missing | Security Update for Microsoft Visual Studio 2008 Service Pack 1 (KB2538241) | Important |
| MS11-025 | Missing | Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243) | Important |
| MS11-049 | Missing | Security Update for Microsoft Visual Studio 2008 Service Pack 1 XML Editor (KB2251487) | Important |
| MS11-025 | Missing | Security Update for Microsoft Visual Studio 2005 Service Pack 1 (KB2538218) | Important |

Issue: Windows Security Updates
Score: Check failed (critical)
Result: 11 security updates are missing.

Security Updates

| MS11-052 | Missing | Security Update for Internet Explorer 8 for Windows XP (KB2544521) | Critical |
| MS11-037 | Missing | Security Update for Windows XP (KB2544893) | Important |
| MS11-044 | Missing | Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2518870) | Critical |
| MS11-039 | Missing | Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2478658) | Critical |
| MS11-050 | Missing | Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2530548) | Critical |
| MS11-043 | Missing | Security Update for Windows XP (KB2536276) | Critical |
| MS11-042 | Missing | Security Update for Windows XP (KB2535512) | Critical |
| MS11-039 | Missing | Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2478663) | Critical |
| MS11-046 | Missing | Security Update for Windows XP (KB2503665) | Important |
| MS11-038 | Missing | Security Update for Windows XP (KB2476490) | Critical |
| MS11-044 | Missing | Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2518864) | Critical |

I don't know what happens with PSI, maybe it's not reliable in XP SP3?

C.

This user no longer exists RE: Is PSI 2.0 missing patches in XP?
Member 15th Jun, 2011 14:22
Hi,

Please refer to this item of our FAQ: http://secunia.com/vulnerability_scanning/personal...

hope this helps.
Was this reply relevant?
+0
-0
xsylus RE: Is PSI 2.0 missing patches in XP?
Member 15th Jun, 2011 20:55
Score: 0
Posts: 2
User Since: 15th Jun 2011
System Score: N/A
Location: US
I was able to find KB2536276 and KB2503665 for XP 32bit but KB2476490 only shows for XP 64bit, vista, win 7, etc. Thus Secunia is never satified because I don't have KB2476490 installed. It's really annoying that secunia doesn't take you to the MS download center but rather the useless support page. Also for some reason these files aren't listed under the microsoft update page; it says there are no high-priority updates available which means I have them installed. Secunia is starting to get on my nurves.
Was this reply relevant?
+0
-0
ddmarshall RE: Is PSI 2.0 missing patches in XP?
Dedicated Contributor 15th Jun, 2011 21:30
Score: 1198
Posts: 953
User Since: 8th Nov 2008
System Score: 98%
Location: UK
I was able to find the download for KB2476490 XP SP3 from the link in the security bulletin.
http://www.microsoft.com/download/en/details.aspx?...

There seem to be problems with the new format Download Center

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+1
-0
cvalde RE: Is PSI 2.0 missing patches in XP?
Member 16th Jun, 2011 05:05
Score: 11
Posts: 22
User Since: 30th Jul 2009
System Score: N/A
Location: CL
Sorry, Emil, but it seems I didn't explain the problem properly. The link you gave is for FAQ #2, "Windows Update says my Windows files are up to date, but the Secunia PSI is still reporting my software as insecure. What should I do?".

The problem I have is the opposite: PSI says I only need three patches but MBSA says I need more than 10 (and I posted the MBSA report). It's not about Windows Update failing, it's abou PSI giving a false sense of security by reporting only 1/4 of the vulnerabilities that I need to patch in Windows XP SP3.

Thanks for reading.

C.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability