Microsoft Baseline Security Analyzer vs Windows Update

Discussion in 'other security issues & news' started by flinchlock, Apr 12, 2007.

Thread Status:
Not open for further replies.
  1. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    I am testing Microsoft Baseline Security Analyzer (MBSA) vs Windows Update (WUP) on a clean XP/SP2 install that has Automatic Updates set to just notify.

    Of course, WUP will not allow me to skip KB892130 (Windows Genuine Advantage Validation Tool).

    So, I am running MBSA 2.1 (Beta) [ http://www.microsoft.com/technet/security/tools/mbsahome.mspx ] and installing each missing update (starting with the first one listed, and some updates ask to reboot).

    Has anyone else tried this? Will I end up with an updated system, but minus KB892130 (WGA) & KB905474 (WGA Notifications)?

    Mike

    edit: Just in case someone wonders... YES, I have a real/legal copy of XP.
     
    Last edited: Apr 12, 2007
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    WGA Validation and Notification are two different things.
    Validation checks that your installation is genuine on the server side.
    Notification does the same crap but installed on your comp and occasionally phoning home.
    Mrk
     
  3. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    Thanks, I already know that. ;)

    But my question is about doing the manual updates using MBSA and if those two updates will or will not be installed.

    Thank you, Mike
     
  4. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    Well, that only took about 2.5 hours! :eek:

    But, NO KB892130 (WGA) & KB905474 (WGA Notifications). :D

    MBSA says I only have one update to do... KB926874 (IE7)... no thanks. :doubt:

    I ran BeLarc Advisor [ http://belarc.com/free_download.html ] to check these updates... it says, "Microsoft Security Updates √ Up-to-date". :D

    I next went to the Windows Update site and chose 'Custom'... it says I am missing KB898461 (permanent copy of the Package Installer) and KB892130 (WGA). :D :D

    So, it looks like using MBSA is an alternative to WGA spyware.

    Mike
     
  5. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    LOL :D
    Good finding flinchlock :thumb:
     
  6. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    Hmm...

    Since I have WUP set for just notify, I just got notified I need KB898461 (permanent copy of the Package Installer).

    So, what the heck... I installed (using Custom) and it went just fine. :D

    Then I got notified I needed five other updates...
    KB886185 (critical update for Windows Firewall "My Network (subnet) only")
    KB910437 (Windows Automatic Updates tries to download updates on a Windows Server 2003)
    KB916595 (Stop error message on a Windows XP-based)
    KB922582 (A problem has been identified in Filter Manager)
    KB905474 (WGA Notifications)

    So, I chose Custom and unselected KB905474 (WGA Notifications).

    The first four installed just fine. :D :D :D :D

    System did a reboot... notified I need KB905474 (WGA Notifications). :p

    Still no WGA! :cool:

    Here are the updates that have been installed...
    Mike
     
    Last edited: Apr 12, 2007
  7. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    These are the links to start downloading both the beta and the 2.0.1


    http://www.microsoft.com/downloads/...06-B5F9-4DAD-BE9D-7B51EC2E5AC9&displaylang=en


    http://www.microsoft.com/downloads/...AF-9DBE-4DCE-889E-ECF997EB18E9&displaylang=en


    Validation Required
    This download is available to customers running genuine Microsoft Windows. Please click the Continue button to begin Windows validation. As described in our privacy statement, Microsoft will not use the information collected during validation to identify or contact you.

    Windows Vista users must pass Microsoft Genuine validation requirements to enable certain product features and to obtain non-security updates and product support from Microsoft. For more information, go to the Windows Genuine Advantage FAQ.


    ***********************

    Do you get the same messages or something different ??
     
  8. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    Last edited: Apr 12, 2007
  9. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743

    You bet it does..good work around ;) Thanks for the info Mike.
     
  10. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    More hmm...

    The last four updates that I let the Windows Update site install...

    If I go to www.microsoft.com/downloads and search for those four updates, only the first two KB886185 & KB910437 do not indicate I need WGA, but the last two KB916595 & KB922582 indicate I DO need WGA.

    I also find it strange that MBSA did not indicate I needed these....
    KB886185 issued 12/13/2004
    KB910437 issued 12/12/2005
    KB916595 issued 06/06/2006
    KB922582 issued 09/11/2006

    Mike
     
  11. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    Yes Mike..I wanted to give you a heads up on this

    Important note: MBSA and SMS will not automatically identify and deploy the hotfix.

    http://msmvps.com/blogs/spywaresucks/archive/2007/04/07/763494.aspx


    Also on the one before this scheduled one we just had this might help as you continue your testing

    MS07-017 - Microsoft Knowledge Base Article 925902 Updated
    KB925902 has been updated - it now notes that not only is the Realtek HD Audio Control Panel experiencing issues if MS07-017 is installed, but also ElsterFormular, TUGZip and CD-Tag (3 programs I've never heard of, to be honest).

    The hotfix that addresses the problems with the above four programmes conflicting with MS07-017 is already available for manual download, and will be pushed out via Automatic, Windows and Microsoft Update on Tuesday 10 April, and will be available via WSUS and SUS (although it won't hit SUS until the 12th of April).
    ***********************************


    Also, if you read the details on each of those at technet, you posted and expand the info..you will find other stuff which will explain the differences.
     
  12. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    I just installed Office Professional Edition 2003 (WORD only just to test).

    I also installed Office2003SP2-KB887616-FullFile-ENU.exe

    I went to the Microsoft Office Update web site, but it wanted to validate my Office install. :oops:

    I then ran MBSA, and it said I needed nine updates for Office. :D

    These updates install differently than the regular XP updates that are all .exe files.

    For example, one of the Office update files is 'powerpnt_813b7x756dcx0c760xd75e9c1x92ef45x9727x69.cab'.

    I double-clicked on the .cab file and extracted a POWERPNT.msp file.

    I then double-clicked on the .msp file and the update ran just fine. :D :D :D

    Mike
     
  13. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    The first two you listed the WGA thing was not in place..but in any case that first one is this and if you are not even running the window firewall or on dial up..

    KB886185 issued 12/13/2004

    This update helps narrow the definition of the My network, or local subnet, restriction option in the Windows Firewall. This is helpful in situations where the Windows Firewall would consider a large network to be on the local subnet because of how the dial-up software configured the route tables. After you install this item, you may have to restart your computer.

    Description of the critical update for Windows Firewall "My Network (subnet) only" scoping in Windows XP Service Pack 2

    Article ID : 886185
    Last Review : September 11, 2006
    Revision : 4.2



    SUMMARY
    This article describes critical update 886185. This update helps narrow the definition of the My network (subnet) only, or local subnet, scope option in Windows Firewall. This is helpful in situations where Windows Firewall would consider a large network to be on the local subnet because of how the dial-up software configured the route tables. After you install critical update 886185, you may have to restart your computer.

    SYMPTOMS
    After you set up Windows Firewall in Microsoft Windows XP Service Pack 2 (SP2), you may discover that anyone on the Internet can access resources on your computer when you use a dial-up connection to connect to the Internet. For example, after creating an exception in Windows Firewall for File and Printer Sharing, you may discover that anyone can access shared files and printers.
    http://support.microsoft.com/kb/886185
     
  14. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    You forgot to quote the last line...
    BUT, this page [ http://www.microsoft.com/technet/security/tools/mbsahome.mspx ] says,
    So, that update WILL eventually be available via MBSA?

    Mike
     
  15. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743

    Cool :thumb:

    watch out for these possible glitches

    http://www.dslreports.com/forum/remark,18157991
     
  16. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743

    Yes I think I read that but you have to be careful with some of those hot fixes..they are rolled up sometimes..
     
  17. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    Did you get a chance to read this one just o_O
    A new version of the Windows Update offline scan file is available
    http://support.microsoft.com/kb/926464

    It kind of sets up the parameter on what to expect from MBSA
     
  18. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    Geez, there is a lot to understand... I am sure I will have more questions for you.

    I was thinking to see if a PC does or does not have WGA, all I had to do was this (look for folders that start with a dollar sign):

    C:\WINDOWS>dir /a $* | find "892130"

    C:\WINDOWS>dir /a $* | find "905474"

    BUT, apparently those two updates do NOT create the typical "$NtUninstallKB123456$".

    Duh, those two WGA updates are not designed to be uninstalled. o_O

    Well, at least (I think) this method will let me know if WGA is or is not installed:

    C:\WINDOWS>dir /a /s *wga*dll

    You will see at least these two files: WgaLogon.dll & WgaTray.exe

    Mike
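
The check described in the post above, as an added example that is not part of the original thread: it lists KB numbers from `$NtUninstallKB…$` folders and separately looks for the two WGA file names the post gives, showing why the folder check alone misses WGA. The function names, the folder-name pattern and the sample directory tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed pattern, modelled on the "$NtUninstallKB123456$" form quoted in the post.
UNINSTALL_DIR = re.compile(r"^\$NtUninstallKB(\d+).*\$$", re.IGNORECASE)
WGA_FILES = {"wgalogon.dll", "wgatray.exe"}  # the two file names named in the post

def uninstall_folder_kbs(windows_dir):
    """KB numbers recoverable from uninstall folders directly under windows_dir."""
    kbs = set()
    for entry in Path(windows_dir).iterdir():
        m = UNINSTALL_DIR.match(entry.name)
        if m and entry.is_dir():
            kbs.add("KB" + m.group(1))
    return kbs

def wga_artifacts(windows_dir):
    """Recursive search (like dir /s) for the WGA file names, case-insensitive."""
    return sorted(str(p.relative_to(windows_dir))
                  for p in Path(windows_dir).rglob("*")
                  if p.is_file() and p.name.lower() in WGA_FILES)

def audit(windows_dir, wga_kbs=("KB892130", "KB905474")):
    """Compare what the folder check sees with what the file check sees."""
    kbs = uninstall_folder_kbs(windows_dir)
    files = wga_artifacts(windows_dir)
    return {
        "kbs_with_uninstall_folder": sorted(kbs),
        "wga_kbs_seen_by_folder_check": sorted(k for k in wga_kbs if k in kbs),
        "wga_files": files,
        "wga_present": bool(files),
    }

def build_sample_tree(root, with_wga):
    """Constructed sample layout, not a capture from a real machine."""
    root = Path(root)
    for kb in ("886185", "910437", "916595", "922582"):
        (root / f"$NtUninstallKB{kb}$").mkdir(parents=True)
    (root / "system32").mkdir()
    (root / "system32" / "kernel32.dll").write_bytes(b"")
    if with_wga:
        for name in ("WgaLogon.dll", "WgaTray.exe"):
            (root / "system32" / name).write_bytes(b"")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for with_wga in (False, True):
            tree = build_sample_tree(Path(tmp) / f"WINDOWS_{with_wga}", with_wga)
            print(with_wga, audit(tree))
```
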
     
  19. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    I ran qfecheck [ http://support.microsoft.com/kb/282784 ] to also help me verify the MBSA updates are OK.

    The following updates were installed via MBSA, but qfecheck did not make any mention of them. :(

    KB911564 (MS06-006: Vulnerability in Windows Media Player plug-in with non-Microsoft Internet browsers could allow remote code execution)

    KB917734 (MS06-024: Vulnerability in Windows Media Player could allow remote code execution)

    KB925398 (MS06-078: Vulnerability in Windows Media Format could allow remote code execution)

    Maybe since qfecheck was 'Release Date: January 18, 2002', it is too old to be of any use whatsoever?

    Mike

    Update: qfecheck also does not make any mention of these three updates on a PC that does have WGA (and updated via Microsoft Update).
     
    Last edited: Apr 14, 2007
  20. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
  21. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
  22. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    I give up...

    I rebuilt another PC from scratch, and used MBSA 2.1 to load all the patches it said were missing.

    I then installed Office 2003 Pro (only Word, Excel, and PowerPoint) and again used MBSA to load nine missing updates.

    A little while later, I checked the Automatic Updates icon in the System Tray. It said the following additional updates are also missing. BUT, MBSA says all is OK! (BeLarc also says OK, but it uses the same update info as MBSA.)

    Code:
    Update    Pub date    Need WGA to validate  Description
    --------  ----------  --------------------  -----------
    KB924085  01/08/2007  NO                    Security Update for Outlook 2003
    KB929058  02/12/2007  YES                   Update for Excel 2003
    KB920103  08/07/2006  YES                   Update for InfoPath
    KB907417  11/08/2005  NO                    Update for Office 2003
    KB919029  02/15/2007  NO                    Update for Office 2003
    KB923097  10/06/2006  NO                    Update for Office 2003
    KB925251  02/12/2007  YES                   Update for Office 2003
    KB932330  04/09/2007  YES                   Update for Outlook 2003 Junk E-mail Filter
    KB929060  02/12/2007  YES                   Update for PowerPoint 2003

    Well, after wasting another day messing with MBSA and not using Automatic Updates, I give up... this manual updating takes way too much time! o_O

    Mike

    P.S. Please, I am not really looking for any response to this post, just letting everyone know about the LARGE amount of time trying to avoid WGA. :eek:
     