Bruce,
With this current syntax is it possible that Vista SP1 boxes that do
not have the patch would have a netapi32.dll that is higher then
6.0.6000.16763 but not as high as the patched version?
I wrote the rule as follows:
(pc_vista64)|((pc_Windows-Vista-SP1|pc_Windows-Vista-SP1-
int)&(MS08-067_Vista_SP1))|((!pc_Windows-Vista-SP1)&(!pc_Windows-Vista-
SP1-int)&(MS08-067_Vista))
Walt
On Oct 28, 2008, at 6:57 AM, Osborne, Bruce W. (NS) wrote:
Todd,
Yes, I posted my checks & rules last night. You need to check Vista
& Vista SP1 separately. Here is the information:
MS08-067_Vista: SYSTEM32\netapi.dll later than 6.0.6000.16763
MS08-076_Vista_SP1: SYSTEM32\ netapi.dll later than 6.0.6001.18156
MS08-067_Vista-rule: (pc_vista64)|((pc_Windows-Vista-SP1|pc_Windows-
Vista-SP1-int)&(MS08-067_Vista_SP1))|(MS08-067_Vista)
In other words, Vista 64-bit passes. If you pass either SP1 check,
you need > 6.0.6001.18156 Otherwise you need > 6.0.6000.16763
This seems to be working for me here. I am using the registry check
for XP.
Bruce Osborne
Liberty University
From: Cisco Clean Access Users and Administrators [mailto:[email protected]
] On Behalf Of Todd Joyce
Sent: Tuesday, October 28, 2008 7:48 AM
To: [email protected]
Subject: [CLEANACCESS] kb 958644
Has anyone figured out a way to check Vista for last weeks patch? I
have tried file version but I have been unable to get it to work
We have figured out how to force XP users with a registry check and
file distribution.
We feel like we should be PROACTIVE like Microsoft and get everyone
patched by any means necessary before a Blaster happens to our campus.
todd
Radford University
--
Todd Joyce
[EMAIL PROTECTED]
Pain is the precursor of change
