MS03-039 Plugin and WinXP SP2

Peter HEARD peter at mda.ca
Wed Aug 11 13:20:16 EDT 2004


It's not clear to me why the MS03-039 plugin is still required. According to
the Microsoft site, the patch MS04-012 completely replaces MS03-039 for NT4,
2000, XP and 2003. See the FAQ at:
http://www.microsoft.com/technet/security/bulletin/MS04-012.mspx

The problem I have is that for fresh installs, MS03-039 never needs to be
applied (MS04-012 is instead). As a result all systems with fresh installs
show up as missing MS03-039 which seems to be irrelevant. Neither Patchlink
nor MBSA require the installation of MS03-039, just MS04-012. The only
significant vulnerability is whether or not MS04-012 is installed.

Is this not the case, or am I missing something here?

Peter Heard
------------------------------------------------------------------------
Peter Heard                    E-mail: peter at mda.ca
Electrical Engineer            Phone:  1 (604) 231-2358 (direct)
MacDonald Dettwiler            Phone:  1 (604) 278-3411 (operator)
13800 Commerce Parkway,        Fax:    1 (604) 278-2936
Richmond BC Canada, V6V 2J3    URL:    http://www.mda.ca
------------------------------------------------------------------------



-----Original Message-----
From: Jason Haar [mailto:Jason.Haar at trimble.co.nz]
Sent: August 10, 2004 6:04 PM
To: nessus at list.nessus.org
Subject: Re: MS03-039 Plugin and WinXP SP2


I think I've figured out the problem. Some or all of the XP SP2-installed
boxes have reduced registry access to that section! So the unprivileged
account I was using to run the scan can no longer return those keys.

Weird, other registry lookup failures appear to be caught by Nessus with
statements like "this may be a false positive if the account you are using
doesn't have administrative access". 

Should those key lookups also contain such a statement?

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
_______________________________________________
Nessus mailing list
Nessus at list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
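
The two points raised in this thread (a superseding patch should satisfy the older check, and a registry read that was denied should not be reported as a missing patch) can be combined in one evaluation routine. The following is an added example, not Nessus plugin code and not written by either poster; the Lookup states, function names and sample lookup results are hypothetical and constructed for illustration.

```python
from enum import Enum

class Lookup(Enum):
    PRESENT = "present"   # hotfix key was read and found
    ABSENT = "absent"     # registry was readable, key not there
    DENIED = "denied"     # read failed, e.g. the scan account lacks access

# Supersedence as stated in the thread: MS04-012 replaces MS03-039.
SUPERSEDED_BY = {"MS03-039": ["MS04-012"]}

def effective_state(bulletin, lookups, seen=None):
    """Resolve a bulletin to PRESENT, ABSENT or DENIED, following supersedence."""
    seen = (seen or set()) | {bulletin}
    # A bulletin with no lookup result is treated as unreadable, not as missing.
    own = lookups.get(bulletin, Lookup.DENIED)
    if own is Lookup.PRESENT:
        return Lookup.PRESENT
    states = [own]
    for newer in SUPERSEDED_BY.get(bulletin, []):
        if newer not in seen:  # guard against a cyclic supersedence table
            states.append(effective_state(newer, lookups, seen))
    if Lookup.PRESENT in states:
        return Lookup.PRESENT   # a replacement patch covers the old bulletin
    if Lookup.DENIED in states:
        return Lookup.DENIED    # something relevant could not be read
    return Lookup.ABSENT        # everything was readable and nothing was found

def report(bulletin, lookups):
    """Return a finding string, or None when the host is covered."""
    state = effective_state(bulletin, lookups)
    if state is Lookup.PRESENT:
        return None
    if state is Lookup.DENIED:
        return (f"{bulletin}: could not be verified; this may be a false "
                "positive if the account you are using doesn't have "
                "administrative access")
    return f"{bulletin}: missing"

if __name__ == "__main__":
    # Constructed sample results for three hosts.
    fresh_install = {"MS03-039": Lookup.ABSENT, "MS04-012": Lookup.PRESENT}
    restricted = {"MS03-039": Lookup.DENIED, "MS04-012": Lookup.DENIED}
    unpatched = {"MS03-039": Lookup.ABSENT, "MS04-012": Lookup.ABSENT}
    for name, host in [("fresh", fresh_install), ("restricted", restricted),
                       ("unpatched", unpatched)]:
        print(name, "->", report("MS03-039", host))
```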