[unisog] kb899588 applied, but still vulnerable?

Russell Fulton r.fulton at auckland.ac.nz
Sun Aug 21 20:47:29 GMT 2005

Hi Michael,
	   Two things:  Have you tried a real exploit against any of these boxes?  Have you tried something like GFI Languard which does far more than just check the registery key -- it checks the fingerprint of the dll concerned to make sure it really is the new one.


Michael Holstein wrote:
> Here's a heads up :
> I've seen several systems which, from the control panel, show the 
> installation of kb899588 (MS05-039 patch), but they still test as 
> vulnerable using the various tools.
> Windows update reports "No Critical Updates Available".
> The "fix" has been to manually uninstall kb899588, reboot, then manually 
> install the update (from the Microsoft Download Center, not 
> WindowsUpdate), and reboot again.
> Then they test as secure.
> Anyone else seeing this, or know of a cause?
> Regards,
> Michael Holstein CISSP GCIA
> Cleveland State University
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog

More information about the unisog mailing list