    Microsoft Security Tool Leaves Holes

    By Dennis Fisher - April 22, 2002

      Problems with Microsoft Corp.'s Windows Update are causing the automated scanning service to mismanage patches, leaving IT managers to wonder whether the systems they thought were safely patched are actually vulnerable.

      WU, which was originally meant for consumers but is used widely in the enterprise as well, checks a customer's PC for needed product updates and critical security patches. Customers can then download and install whichever components they need.

      But confusion has arisen with patch management in WU because Microsoft has at least four mechanisms for installing patches, each with its own vagaries and nuances. The complexity has led to technical glitches and patch mismanagement.

      In one extreme case, a Microsoft customer said a patch he installed via WU removed without warning several previous hot fixes he had installed. As a result, one of his systems was successfully attacked by the Nimda virus, for which he once had a patch. “It got Nimda again because the roll-up uninstalled the previous patches,” said John McGuire, a staff engineer and security expert at Strictly Business Computer Systems Inc., a consulting and engineering company in Huntington, W.Va.

      Many of the problems with the automated updates have surfaced only recently as customers have begun using the new—and also flawed—Microsoft Baseline Security Analyzer tool to scan their systems for missing virus patches.

      During the system scan, WU checks for installed security patches by scanning the registry for each patch's key. If the key is present, WU will not show the customer that patch as a possible download.

      However, it's possible for the key to be present without the patch being installed if, for example, the download failed midway through.

      By contrast, MBSA and HFNetChk, another free scanning tool on which MBSA is based, scan the actual files on a customer's machine and compare the patches they find with an XML database. But that database contains only patches that have been released as part of a Microsoft security bulletin, whereas WU also offers updates that have been released with operating system updates. All of which means IT managers downloading fixes via WU and scanning their systems with MBSA or HFNetChk are getting mixed messages.
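
The two detection methods described above, and how they come to disagree, can be modeled in a few lines. This is an added illustration, not code from the article or from any Microsoft tool; the patch IDs, file names, versions and the small bulletin table are all constructed for the example.

```python
# Added illustration; all patch IDs, file names and versions are constructed.
from dataclasses import dataclass

@dataclass
class Host:
    registry_keys: set    # patch IDs whose registry marker exists
    file_versions: dict   # file name -> installed version tuple

# Constructed stand-in for the bulletin database a file-based scanner consults:
# patch ID -> (file, minimum version that contains the fix)
BULLETIN_DB = {
    "PATCH-A": ("web.dll", (5, 0, 2)),
    "PATCH-B": ("mail.dll", (6, 1, 0)),
}

def registry_scan(host, offered):
    """Registry-style check: a patch counts as installed if its key exists."""
    return {p: p in host.registry_keys for p in offered}

def file_scan(host):
    """File-style check: compare on-disk versions with the bulletin database.
    Patches absent from the database cannot be assessed at all."""
    return {patch: host.file_versions.get(fname, (0,)) >= min_ver
            for patch, (fname, min_ver) in BULLETIN_DB.items()}

def reconcile(host, offered):
    """Classify each patch by how the two methods agree or disagree."""
    reg, files = registry_scan(host, offered), file_scan(host)
    report = {}
    for patch in sorted(set(reg) | set(files)):
        if patch not in files:
            report[patch] = "unverifiable: not in bulletin database"
        elif reg.get(patch) and not files[patch]:
            report[patch] = "false positive: key present, files unpatched"
        elif files[patch] and not reg.get(patch):
            report[patch] = "key missing, files patched"
        elif files[patch]:
            report[patch] = "consistent: installed"
        else:
            report[patch] = "consistent: missing"
    return report

# Constructed host: PATCH-A's install failed midway (key written, file old),
# PATCH-B installed cleanly, OSUPDATE-1 is known to the updater only.
HOST = Host({"PATCH-A", "PATCH-B", "OSUPDATE-1"},
            {"web.dll": (5, 0, 1), "mail.dll": (6, 1, 0)})
OFFERED = ["PATCH-A", "PATCH-B", "OSUPDATE-1"]
```

Calling `reconcile(HOST, OFFERED)` flags PATCH-A as the case an administrator should act on: the registry-style check would hide it from the download list while the files on disk are still the vulnerable version.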

      “Microsoft will make changes to hot fixes and make no further mention of the changes until someone outside Microsoft has documented that it has occurred. Time and effort is spent by users and administrators on these issues,” said Fred Dunn, systems management server administrator at the University of Texas Health Science Center at San Antonio. “I think … we are trying to believe in the integrity of Microsoft's security analysis tools and patches, but Microsoft is not making that easy for us.”

      The problems come at an inopportune time for Microsoft, given that it has released into beta a new version of WU, called WUCE (WU Corporate Edition). A full release is due next month or in June. WUCE has the same scanning functions as the consumer version, which has led some security experts to recommend that potential customers avoid it. “I won't be recommending it because it's unreliable, and I don't want customers to get a false sense of security,” said Russ Cooper, surgeon general of TruSecure Corp., in Herndon, Va., who has tested the WUCE beta version.

      Microsoft officials acknowledge the confusion but said much of it has been triggered by two patches—MS02-008 and MS02-009—which were updated after their release and have caused WU and MBSA to report conflicting results. But the company is working to reconcile the differences among the tools.

      “One thing we're focused on hard internally is how we can get as high a level of integrity and consistency as possible,” said Steve Lipner, director of security assurance at Microsoft, in Redmond, Wash. “We need consistency and clarity across these tools.”
