I am running a scan every day of our entire address space that is only scanning for 11808 (MS03-026) and 11835 (MS03-039) with enable dependencies. I am using Inprotect .14 to submit and schedule the scan. It runs daily at 8am with a timeout of 28800. Its running in "Polite", which is a recent change. Until last Thursday, all scans had been running "Normal".
Machines that showed as vulnerable to both and have installed the KB824146 patch are still showing up as vulnerable for the 039 but not the 026. It's not all patched machines, either. It is mostly NT4 systems.
I am now having to try to prove on a machine by machine basis that the Nessus scanner is correct. One thing I have found is KB824146 says these files:
23-Aug-2003 18:48 5.0.2195.6810 945,936 Ole32.dll 23-Aug-2003 18:48 5.0.2195.6802 432,912 Rpcrt4.dll 23-Aug-2003 18:48 5.0.2195.6810 192,272 Rpcss.dll
must be present for the patch to have worked. On some machines, one or more of these files had not updated even after patching and rebooting. However, there is atleast one Windows 2000 machine that the user claims has the correct files, yet it still shows as vulnerable in yesterday's scan for the 039.
Can anyone offer any advice or help? I've already put a lot of time into proving Nessus provides us accurate reults, and would rather not have to keep going desk to desk doing it again...
Thanks, Carl
_______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
