[33642] in bugtraq
Re: [Full-Disclosure] Another Low Blow From Microsoft: MBSA Failure!
daemon@ATHENA.MIT.EDU (morning_wood)
Thu Feb 12 07:29:00 2004
From: "morning_wood" <se_cur_ity@hotmail.com>
To: <full-disclosure@lists.netsys.com>, <bugtraq@securityfocus.com>,
<patchmanagement@listserv.patchmanagement.org>,
<dotsecure@hushmail.com>
Date: Tue, 10 Feb 2004 20:14:08 -0800
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-ID: <Law11-OE65ZsJIDhvVv0003c24e@hotmail.com>
> been applied. We have scanned with Retina, Foundstone and Qualys tools
> which they all showed as "VULNERABLE", however when we scanned with Microsoft
> Base Security Analyzer it showed as "NOT VULNERABLE". This was at first
> confusing; one would think an assessment tool released by the original
did you try exploit code to verify? that should dispel any ambiguity
across scanner reports, it would be real easy to load your network
hosts into a batch file or shell script and see how many "roots" you get.
just a thought... eliminates alot of guesswork.. ( imo )
m.wood
http://exploitlabs.com
