[19818] in bugtraq
Re: Microsoft KB# to Advisory name mapping
daemon@ATHENA.MIT.EDU (Mark Maher)
Fri Mar 23 18:04:25 2001
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Disposition: inline
Message-ID: <sabb1942.061@smtp.ochsner.org>
Date: Fri, 23 Mar 2001 09:36:32 -0600
Reply-To: Mark Maher <mmaher@OCHSNER.ORG>
From: Mark Maher <mmaher@OCHSNER.ORG>
X-To: desmond.irvine@SHERIDANC.ON.CA
To: BUGTRAQ@SECURITYFOCUS.COM
Content-Transfer-Encoding: 8bit
I believe SPQuery from St. Bernard Software will do this. See www.stbernard.com . It's a good product for managing SP's and hotfixes, and does provide a lot of additional information.
>>> Desmond Irvine <desmond.irvine@SHERIDANC.ON.CA> 03/22/01 01:17PM >>>
Does anyone know where I could find a table that would map the Microsoft
KB#'s that the hotfixes are associated with to the Advisory name
(MS##-###)? I know XATO has a page something like what I want, but it
doesn't seem to be complete or up to date:
http://www.xato.net/advisories/beta/win2k.htm
When looking at an NT server to determine what hotfixes have been
applied you can run "hotfix -l" to get a dialog box with the KB#'s in it
(Q147222, Q238606, etc.) You can also scan the registry in
\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix
to get a similar listing some of which will have comments and fix
description keys that may or may not be useful in identifying the
advisories they are associated with. What I ideally want to get is
something like:
MS00-086 - web server file request parsing vulnerabilty - Q277873
...
On a machine with unknown patches applied it can be a real pain to go
from the KB#'s to the MS Advisories.
Thanks, Desmond.
