[unisog] kb899588 applied, but still vulnerable?
lists at g-clef.net
Fri Aug 19 16:38:00 GMT 2005
Michael Holstein wrote:
> Here's a heads up :
> I've seen several systems which, from the control panel, show the
> installation of kb899588 (MS05-039 patch), but they still test as
> vulnerable using the various tools.
> Windows update reports "No Critical Updates Available".
> The "fix" has been to manually uninstall kb899588, reboot, then manually
> install the update (from the Microsoft Download Center, not
> WindowsUpdate), and reboot again.
> Then they test as secure.
> Anyone else seeing this, or know of a cause?
This used to happen with MS patches when the machine would crash or the
installer get terminated before the patch files actually got moved across.
The problem is, there's a registry key set for every patch. The patch
application process sets the reg key *first*, then moves the files
across. So, if the app gets killed partway through, later scans see the
reg key & think the patch was installed.
This all came up *years* ago, though. I'd be surprised (and
disappointed) if MS hadn't fixed this by now.
More information about the unisog