Discrepancy between MS Update and MSBSA

Discussion in 'Server Security' started by Mike Bailey, Aug 23, 2005.

  1. Mike Bailey

    Mike Bailey Guest

    How is it that I get two totally different security reports from MS
    Update and from MSBSA? I just don't understand this! I don't know
    which one to trust and to go by.


    Here are the results form MS Update:

    High Priority(0)
    Software, Optional(0)
    Hardware, Optional (1)
    No high -priority updates for your computer are available.
    ----------------------------------------------------------------------------
    Here are the results form Microsoft Baseline Security Analysis:

    Office Updates 1 update is missing.
    SQL 1 critical security updates are missing. 1 products are
    using a service pack not at the latest version or have other Server/MSDE
    warnings.
    MSXML 1 products are using a service pack not at the latest
    version or have other warnings.
    Windows 1 security updates could not be confirmed.


    Mike B.
     
    Mike Bailey, Aug 23, 2005
    #1
    1. Advertisements

  2. MS Update is targeted at the OS, not the OS *and everything that you're
    running on it*

    HTH

    Hairy One Kenobi

    Disclaimer: the opinions expressed in this opinion do not necessarily
    reflect the opinions of the highly-opinionated person expressing the opinion
    in the first place. So there!
     
    Hairy One Kenobi, Aug 24, 2005
    #2
    1. Advertisements

  3. Mike Bailey

    keith Guest

    Microsoft say the following:
    ===============================
    MBSA and Windows Update (WU) analyze systems in different ways. WU for
    instance only carries critical updates for the Windows operating system,
    whereas MBSA will report missing security updates for the Windows operating
    system and other Microsoft products such as SQL Server.

    There are also cases where security updates are re-released, such as
    MS02-008 and MS02-009. MBSA will always ensure that you have the latest
    version of the update installed on your system. If you have the original
    version of the MS02-008 or MS02-009 update, MBSA will indicate that the
    update is not installed, since a newer release is available. However,
    Windows Update may not indicate that a newer version is available since it
    may be looking for different elements on the system to identify if this
    update is present or not. Microsoft is working to resolve this inconsistency
    so that MBSA, Windows Update, Microsoft Software Update Services, and SMS
    security patch management will all use the same rules for determining the
    presence of an update on Windows systems. This will ensure consistency for
    all customers with the tool that best meets their needs. In the mean time,
    users are encouraged to view the security bulletin for those updates that
    they may have installed in the past that MBSA reports as missing to ensure
    they indeed have the most recent version.
    ================================

    See http://www.microsoft.com/technet/security/tools/mbsaqa.mspx or
    http://www.microsoft.com/technet/security/tools/mbsa2/qa.mspx for more.
     
    keith, Aug 24, 2005
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.