Microsoft Baseline Security Analyzer

[Ergolad]

Hi there. By the way, thanks for this software. I'm prepping to restore 8 workstations to their factory settings. I stumbled across APXP looking for a way to simplify the updating process.

I ran a test on my own system and did a full default install with APXP just to get an idea of how the interface worked and how long to expect it to take. My machine was pretty up to date already, but APXP found quite a few items that were not. Interestingly it determined that I had NOT installed quite a few updates that I know I already had. The Windows Update website was showing me clean. Regardless I went ahead and followed APXP's recommendations figuring it wouldn't hurt to reinstall some of these items.

For the most part there haven't been many problems. I ran into a weird MSIM thing where it got into a reinstall loop for some reason, but I was able to correct it by uninstalling and reinstalling. Also ODBC failed during APXP's first pass, but seemed to install fine on a minimal follow up pass. But a visit to WIN Update showed that an update now needed to be installed "Security Update for Microsoft Data Access Components (KB832483)".

The main problem that I want to address here though are the results of a Microsoft Baseline Security Analysis test I just ran. Can anyone explain these results if I just used APXP to bring this machine up to date? Microsoft Baseline Security Analyzer suggests that I manually update each one of these individually. Kinda defeats the purpose of APXP. Could these have been left over from previous updates, thus skipped by APXP? Are the updates provided by APXP out of date? Are these non-standard updates and thus not "caught" by WIN Update website? Thanks for any help!

Here are the results of the scan:

14 security updates are out of date or could not be confirmed.

Result Details

Windows Security Updates

Security updates that are out of date are marked with a yellow X

Score Security Update Description Reason

MS02-050 Certificate Validation Flaw Could Enable Identity Spoofing (Q329115) File version is greater than expected. [C:\WINDOWS\system32\crypt32.dll, 5.131.2600.1152 > 5.131.2600.1123]

MS02-071 Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation (328310) File version is greater than expected. [C:\WINDOWS\system32\win32k.sys, 5.1.2600.1335 > 5.1.2600.1134]

MS02-072 Unchecked Buffer in Windows Shell Could Enable System Compromise (Q329390) File version is greater than expected. [C:\WINDOWS\system32\shmedia.dll, 6.0.2800.1157 > 6.0.2800.1125]

MS03-005 Unchecked Buffer in Windows Redirector Could Allow Privilege Elevation (810577) File version is greater than expected. [C:\WINDOWS\system32\drivers\mrxsmb.sys, 5.1.2600.1239 > 5.1.2600.1143]

MS03-013 Buffer Overrun in Windows Kernel Message Handling could Lead to Elevated Privileges (811493) File version is greater than expected. [C:\WINDOWS\system32\ntkrnlpa.exe, 5.1.2600.1240 > 5.1.2600.1150] File version is greater than expected. [C:\WINDOWS\system32\ntoskrnl.exe, 5.1.2600.1240 > 5.1.2600.1150]

MS03-027 Unchecked Buffer in Windows Shell Could Enable System Compromise (821557) File version is greater than expected. [C:\WINDOWS\system32\shell32.dll, 6.0.2800.1502 > 6.0.2800.1233]

MS03-034 Flaw in NetBIOS Could Lead to Information Disclosure (824105) File version is greater than expected. [C:\WINDOWS\system32\drivers\netbt.sys, 5.1.2600.1332 > 5.1.2600.1243]

MS03-043 Buffer Overrun in Messenger Service Could Allow Code Execution (828035) File version is greater than expected. [C:\WINDOWS\system32\wkssvc.dll, 5.1.2600.1335 > 5.1.2600.1309]

MS03-045 Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution (824141) File version is greater than expected. [C:\WINDOWS\system32\win32k.sys, 5.1.2600.1335 > 5.1.2600.1275]

MS04-004 Cumulative Security Update for Internet Explorer (832894) File version is greater than expected. [C:\WINDOWS\system32\urlmon.dll, 6.0.2800.1408 > 6.0.2800.1400]

Security updates that the tool cannot confirm as installed on the scanned computer are marked with a blue asterisk

Score Security Update Description Reason

MS03-008 Flaw in Windows Script Engine could allow code execution (814078) Please refer to 306460 for a detailed explanation.

MS03-030 Unchecked Buffer in DirectX Could Enable System Compromise (819696) Please refer to 306460 for a detailed explanation.

MS03-051 Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360) Please refer to 306460 for a detailed explanation.

MS04-016 Vulnerability in DirectPlay Could Allow Denial of Service (839643) Please refer to 306460 for a detailed explanation.

[Frank]

The baseline security adviser looks at the date of certain files. It makes sure they are set to the date for the files that they release to Windows Update. The APXP has many more updates rather then just the updates on WU, so the baseline security adviser checks files, looking for a date of 4/21/2004, and when it sees one of 5/23/2004 it thinks you are not secure, and wants you to install a older patch to replace the new file.

I hope I didn't lose you in there.

[OPaul]

This thread also explains;

https://www.neowin.net/forum/index.php?showtopic=148858&hl=

[Dee]

Also the items that MSBA said it wasn't able to confirm are installed... MSBA always says it can't confirm those specific updates. For whatever reason MS is unable to accurately detect the presence of those patches, but that doesn't mean they're not installed.

[Ergolad]

Thanks for the heads up!

[akaladis Veteran]

kinda sucks that, but oh well - it's Microsoft's... better than nothin (they guess)...