I've been seeing a large number of false positives with the SMB tests that examine the registry entries under \\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfixes for specific entry numbers. A big problem with these is that MS do not add keys for a hotfix number when a superceding hotfix is applied. For example, SP2SRP1 has its own hotfix entry but supercedes things like the IrDa hotfix Q252795 and the Index server fix Q296185 but when SP2SRP1 is on on its own then the hotfix keys don't exist for the individual fixes. I would guess that the same thing will apply when (if) SP3 is released.
I could adjust the affected tests to check for both/all three possibilities - would patches be accepted or have they already been written? Or can anyone think of a better way to check this stuff without relying on MS doing The Right Thing(tm)? Trevor Hemsley, Security Specialist, Atos Origin Ltd, Whyteleafe, +44-(0)1883-628139 [This electronic transmission and any files attached to it are strictly confidential and intended solely for the addressee. If you are not the intended addressee, you must not disclose, copy or take any action in reliance of this transmission. If you have received this transmission in error, please notify us by return and delete the same. The views expressed in this electronic transmission do not necessarily reflect those of Atos Origin or any of its subsidiary companies. Although the sender endeavours to maintain a computer virus free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted. Thank You.]
