I seem to be having a bit of difficulty with my scans reporting a hits for the following plugins:
id 13643 - Cumulative Security Update for Outlook Express (823353), smb_nt_ms04-018.nasl and
id 12208 - Cumulative Update for Outlook Express (837009), smb_nt_ms04-013.nasl
Some quick examination appears to show that:
1) The systems do not have the patches in question applied.
2) The affected component, Outlook Express, is NOT installed on the systems that are identified. (MS Outlook is not installed either b/4 someone asks the question)
So, while it is true that the patch has not been applied, it is not true that the vulnerability exists. Am I missing something or not looking at this the right way?
If my stab in the dark is correct, then is there some way to put some type of sequential or boolean test logic to require the existence of the product as a condition for returning a vulnerability?
----------------------------------------------------
Mike Sleeper CISSP, CCSE, CCFS
----------------------------------------------------
************* DISCLAIMER ***********************************
The above comments are my own and do not
necessarily represent those of my employer or
contractor. Any information or advice provided by
me shall be given under the "caveat emptor" principal.
*****************************************************************
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
