Microsoft Baseline Security Analyzer vs Windows Update

I am testing Microsoft Baseline Security Analyzer (MBSA) vs Windows Update (WUP) on a clean XP/SP2 install that has Automatic Updates set to just notify.

Of course, WUP will not allow me to skip KB892130 (Windows Genuine Advantage Validation Tool).

So, I am running MBSA 2.1 (Beta) [ http://www.microsoft.com/technet/security/tools/mbsahome.mspx ] and installing each missing update (starting with the first one listed, and some updates ask to reboot).

Has anyone else tried this? Will I end up with an update system, but minus
KB892130 (WGA) & KB905474 (WGA Notifications)?

Mike

edit: Just in case someone wonders... YES, I have a real/legal copy of XP.

 

Hello,
WGA Validation and Notification are two different things.
Validation checks that your installation is genuine on the server side.
Notification does the same crap but installed on your comp and occasionally phoning home.
Mrk

 

Thanks, I already know that.

But my question is about doing the manual updates using MBSA and if those two updates will or will not be installed.

Thank you, Mike

 

Well, that only took about 2.5 hours!

But, NO KB892130 (WGA) & KB905474 (WGA Notifications).

MBSA says I only have one update todo... KB926874 (IE7)... no thanks.

I ran BeLarc Advisor [ http://belarc.com/free_download.html ] to check these updates... it says, "Microsoft Security Updates √ Up-to-date".

I next when to the Windows Update site and choose 'Custom'... it says I am missing KB898461 (permanent copy of the Package Installer) and KB892130 (WGA).

So, I looks like using MBSA is an alternative to WGA spyware.

Mike

 

LOL
Good finding flinchlok

 

Hmm...

Since I have WUP set for just notify, I just got notified I need KB898461 (permanent copy of the Package Installer).

So, what the heck... I installed (using Custom) and it went just fine.

Then I got notified I needed five other updates...
KB886185 (critical update for Windows Firewall "My Network (subnet) only")
KB910437 (Windows Automatic Updates tries to download updates on a Windows Server 2003)
KB916595 (Stop error message on a Windows XP-based)
KB922582 (A problem has been identified in Filter Manager)
KB905474 (WGA Notifications)

So, I choose Custom and unselected KB905474 (WGA Notifications).

The first four installed just fine.

System did a reboot... notified I need KB905474 (WGA Notifications).

Still no WGA!

Here are the updates that have been installed...

Mike

 

These are the links to start downloading both the beta and the 2.0.1


http://www.microsoft.com/downloads/...06-B5F9-4DAD-BE9D-7B51EC2E5AC9&displaylang=en


http://www.microsoft.com/downloads/...AF-9DBE-4DCE-889E-ECF997EB18E9&displaylang=en


Validation Required
This download is available to customers running genuine Microsoft Windows. Please click the Continue button to begin Windows validation. As described in our privacy statement, Microsoft will not use the information collected during validation to identify or contact you.

Windows Vista users must pass Microsoft Genuine validation requirements to enable certain product features and to obtain non-security updates and product support from Microsoft. For more information, go to the Windows Genuine Advantage FAQ.


***********************

Do you get the same messages or something different ??

 

Please see the third line of my first post... http://www.microsoft.com/technet/security/tools/mbsa2_1/default.mspx

Crap... I did DL the file on another PC that does have already WGA!

But, the program does run just find on the non-WGA PC.

Sorry, Mike

 

You bet it does..good work around Thanks for the info Mike.

 

More hmm...

The last four updates that I let the Windows Update site install...

If I goto www.microsoft.com/downloads and search for those four updates, only the first two KB886185 & KB910437 do not indicate I need WGA, but the last two KB916595 & KB922582 indicate I DO need WGA.

I also find it strange that MBSA did not indicate I needed these....
KB886185 issued 12/13/2004
KB910437 issued 12/12/2005
KB916595 issued 06/06/2006
KB922582 issued 09/11/2006

Mike

 

Yes mike..I wanted to give you a head up on this

Important note: MBSA and SMS will not automatically identify and deploy the hotfix.

http://msmvps.com/blogs/spywaresucks/archive/2007/04/07/763494.aspx


Alswo on the one before this scheduled one we just had this might help as you continue your testing

MS07-017 - Microsoft Knowledge Base Article 925902 Updated
KB925902 has been updated - it now notes that not only is the Realtec HD Audio Control Panel experiencing issues if MS07-017 is installed, but also ElsterFormular, TUGZip and CD-Tag (3 programs I've never heard of, to be honest).

The hotfix that addresses the problems with the above four programmes conflicting with MS07-017 is already available for manual download, and will be pushed out via Automatic, Windows and Microsoft Update on Tuesday 10 April, and will be available via WSUS and SUS (although it won't hit SUS until the 12th of April).
***********************************


Also If you read the details on each of those at technet, you posted and expand the info..you will find other stuff which will explain the differences.

 

I just installed Office Professional Edition 2003 (WORD only just to test).

I also installed Office2003SP2-KB887616-FullFile-ENU.exe

I went to the Microsoft Office Update web site, but it wanted to validate my Office install.

I then ran MBSA, and it said I needed nine updates for Office.

These updates install different than the regular XP updates that are all .exe files.

For example, one of the Office update files is 'powerpnt_813b7x756dcx0c760xd75e9c1x92ef45x9727x69.cab'.

I double-clicked on the .cab file and extracted a POWERPNT.msp file.

I then double-clicked on the .msp file and the update ran just fine.

Mike

 

The first two you listed the WGA thing was not in place..but in any case that first one is this and if you are not even running the window firewall or on dial up..

KB886185 issued 12/13/2004

This update helps narrow the definition of the My network, or local subnet, restriction option in the Windows Firewall. This is helpful in situations where the Windows Firewall would consider a large network to be on the local subnet because of how the dial-up software configured the route tables. After you install this item, you may have to restart your computer.

Description of the critical update for Windows Firewall "My Network (subnet) only" scoping in Windows XP Service Pack 2

Article ID : 886185
Last Review : September 11, 2006
Revision : 4.2



SUMMARY
This article describes critical update 886185. This update helps narrow the definition of the My network (subnet) only, or local subnet, scope option in Windows Firewall. This is helpful in situations where Windows Firewall would consider a large network to be on the local subnet because of how the dial-up software configured the route tables. After you install critical update 886185, you may have to restart your computer.
Back to the top

SYMPTOMS
After you set up Windows Firewall in Microsoft Windows XP Service Pack 2 (SP2), you may discover that anyone on the Internet can access resources on your computer when you use a dial-up connection to connect to the Internet. For example, after creating an exception in Windows Firewall for File and Printer Sharing, you may discover that anyone can access shared files and printers.
http://support.microsoft.com/kb/886185

 

You forgot to quote the last line...

BUT, this page [ http://www.microsoft.com/technet/security/tools/mbsahome.mspx ] says,

So, that update WILL eventually be avaliable via MBSA?

Mike

 

Cool

watch out for these possible glitches

http://www.dslreports.com/forum/remark,18157991

 

Yes I think I read that but you have to be careful with some of those hot fixes..they are rolled up somtimes..

 

Did you get a chance to read this one just
A new version of the Windows Update offline scan file is available
http://support.microsoft.com/kb/926464

It kind of sets up the parameter on what to expect from MBSA

 

Geez, there is a lot to understand... I am sure I will have more questions for you.

I was thinking to see if a PC does or does not have WGA, all I had to do was this (look for folders that start with a dollar sign):

C:\WINDOWS>dir /a $* | find "892130"

C:\WINDOWS>dir /a $* | find "905474"

BUT, appearently those two updates do NOT created the typical "$NtUninstallKB123456$".

Duh, those two WGA updates are not designed to be uninstalled.

Well, at least (I think) this method will let me know if WGA is or is not installed:

C:\WINDOWS>dir /a /s *wga*dll

You will see at least these two files: WgaLogon.dll & WgaTray.exe

Mike

 

I ran qfecheck [ http://support.microsoft.com/kb/282784 ] to also help me verify the MBSA updates are OK.

The following updates where installed via MBSA, but qfecheck did not make any mention of them.

KB911564 (MS06-006: Vulnerability in Windows Media Player plug-in with non-Microsoft Internet browsers could allow remote code execution)

KB917734 (MS06-024: Vulnerability in Windows Media Player could allow remote code execution)

KB925398 (MS06-078: Vulnerability in Windows Media Format could allow remote code execution)

Maybe since qfecheck was 'Release Date: January 18, 2002', it is too old to be of any use whatsoever?

Mike

Update: qfecheck also does not make any mention of these three updates on a PC that does have WGA (and updated via Microsoft Update).

 

here's a program i use to use when i had windows -
http://www.microsoft.com/technet/Security/tools/hfnetchk.mspx

and here's a screenshot i took of it awhile ago (it might be different now ) with the -vv option -

http://xs114.xs.to/xs114/07156/HFNetChk.GIF.xs.jpg

i suppose it's nothing different to the MBSA, but it's pretty cool

 

here's an article about 'Microsoft's Software Update Services'
http://www.securityfocus.com/infocus/1760
http://www.securityfocus.com/infocus/1762
http://www.securityfocus.com/infocus/1778

 

I give up...

I rebuilt another PC from scratch, and used MBSA 2.1 to load all the patches it said where missing.

I then installed Office 2003 Pro (only Word, Excel, and PowerPoint) and again used MBSA to load nine missing updates.

A little while later, I checked the Automatic Updates icon in the System Tray. It said the following additional updates are also missing. BUT, MBSA says all is OK! (BeLarc also says OK, but it uses the same update info as MBSA.)

Code:

                  Need WGA to
Update   Pub date   Validate
-------- ---------- ---------
KB924085 01/08/2007 NO		Security Update for Outlook 2003
KB929058 02/12/2007 YES		Update for Excel 2003
KB920103 08/07/2006 YES		Update for InfoPath
KB907417 11/08/2005 NO		Update for Office 2003
KB919029 02/15/2007 NO		Update for Office 2003
KB923097 10/06/2006 NO		Update for Office 2003
KB925251 02/12/2007 YES		Update for Office 2003
KB932330 04/09/2007 YES		Update for Outlook 2003 Junk E-mail Filter
KB929060 02/12/2007 YES		Update for PowerPoint 2003

Well, after wasting another day messing with MBSA and not using Automatic Updates, I give up... this manual updating takes way too much time!

Mike

P.S. Please, I am not really looking for any response to this post, just letting everyone about the LARGE amount of time trying to avoid WGA.