[unisog] kb899588 applied, but still vulnerable?

Aaron Gee-Clough lists at g-clef.net
Fri Aug 19 16:38:00 GMT 2005

Michael Holstein wrote:
> Here's a heads up :
> I've seen several systems which, from the control panel, show the 
> installation of kb899588 (MS05-039 patch), but they still test as 
> vulnerable using the various tools.
> Windows update reports "No Critical Updates Available".
> The "fix" has been to manually uninstall kb899588, reboot, then manually 
> install the update (from the Microsoft Download Center, not 
> WindowsUpdate), and reboot again.
> Then they test as secure.
> Anyone else seeing this, or know of a cause?

This used to happen with MS patches when the machine would crash or the 
installer get terminated before the patch files actually got moved across.
	The problem is, there's a registry key set for every patch.  The patch 
application process sets the reg key *first*, then moves the files 
across.  So, if the app gets killed partway through, later scans see the 
reg key & think the patch was installed.
	This all came up *years* ago, though.  I'd be surprised (and 
disappointed) if MS hadn't fixed this by now.


More information about the unisog mailing list