Results 1 to 6 of 6
  1. #1
    Star Lounger
    Join Date
    Jun 2001
    Location
    Ontario, Canada
    Posts
    79
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Windows XP SP 1 and Baseline Security Analyzer (Windows XP Home SP-1)

    I installed SP-1 last night and just out of curiosity I ran Windows Update. I did not need any critical updates and the recommended updates decreased to about three.

    I then ran Microsoft Baseline Security Analyser and it said I was missing 2 hotfixes.

    Why do Microsoft Baseline Security Analyser and the Windows update site disagree.

  2. #2
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Windows XP SP 1 and Baseline Security Analyzer (Windows XP Home SP-1)

    The MBSA is not perfect - what hotfixes did it identify as missing? If Windows Update doesn't think you need the fixes, I'd be inclined to trust it first.
    -Mark

  3. #3
    Star Lounger
    Join Date
    Jun 2001
    Location
    Ontario, Canada
    Posts
    79
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Windows XP SP 1 and Baseline Security Analyzer (Windows XP Home SP-1)

    The two hotfixes listed by MBSA were:

    MS02-050 Certificate Validation Flaw Could Enable Identity Spoofing (Q328145)
    MS02-055 Unchecked Buffer in Windows Help Facility Could Enable Code Execution (Q323255)

  4. #4
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Windows XP SP 1 and Baseline Security Analyzer (Windows XP Home SP-1)

    Ahoy, if memory serves, these were fixes that were released after Service Pack 1 for XP went gold and was certified for distribution. That would explain why you saw the messages.
    -Mark

  5. #5
    Star Lounger
    Join Date
    Jun 2001
    Location
    Ontario, Canada
    Posts
    79
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Windows XP SP 1 and Baseline Security Analyzer (Windows XP Home SP-1)

    Thanks for explaination Mark why I would see these fixes on MSBA. However, to be exact, my original question was why does not Windows Update "flag" them as well.

  6. #6
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Windows XP SP 1 and Baseline Security Analyzer (Windows XP Home SP-1)

    Availability on Windows Update traditionally lags behind the actual release of patches. Although I can't say exactly why, I'd guess it's because more folks get their updates that way, and by letting the early adopters "beta" test the patches, they may make small revisions to minimize the possibility that they will screw something up with a rushed patch. I know I know - rush and security patch is an oxymoron when you're talking about Microsoft, but you get the idea. <img src=/S/smile.gif border=0 alt=smile width=15 height=15>
    -Mark

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •