Back to associated article: Slammer Worm: Code Red Deja Vu

Microsoft Baseline Security Analyzer: Indeterminate Results (Illustration)

0303swcrdv_illo.JPG (62525 bytes)

Indeterminate results call into question the value of Microsoft's Baseline Security Analyzer (MBSA) patch detection tool.

MBSA helps administrators identify common security misconfigurations and missing security updates in products such as Windows, SQL Server, Internet Explorer (IE), and Office.

As shown, when analyzing Windows XP with SP1 and updates from Windows Update applied, MBSA cannot confirm whether all the recommended patches have been applied. The user does not know whether the version of hhctrl.ocx is greater than expected because a non-security patch incremented the file version but did not update the MBSA database, or because a virus or worm has infected or replaced the file and the author of the virus guessed at the file version. In this case, it appears that a non-security patch updated the file but did not update the patch information in the MBSA database.

Such messages from a security tool reduce user confidence that the tool accurately analyzes the state of their system.
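The ambiguity described above, as an added example that is not MBSA's own code: a version-only check has no way to label a newer-than-expected file, and only a second signal can separate the two explanations. The version numbers, file contents and vendor known-good hash list are constructed assumptions.

```python
import hashlib

def parse_version(text):
    """Parse a four-part Windows file version such as '1.2.30.0'."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 4 or any(p < 0 for p in parts):
        raise ValueError(f"not a four-part file version: {text!r}")
    return parts

def classify(installed, expected, content=None, known_good=frozenset()):
    """Compare an installed file version with the patch database's expected one.

    Returns 'missing', 'patched', 'indeterminate', 'verified-newer'
    or 'unknown-newer'.
    """
    have, want = parse_version(installed), parse_version(expected)
    if have < want:
        return "missing"
    if have == want:
        return "patched"
    # Newer than the database expects. The version number alone cannot tell a
    # later non-security update from a replaced file with a guessed version.
    if content is None:
        return "indeterminate"
    # Assumption: a vendor-published list of SHA-256 digests of released builds.
    digest = hashlib.sha256(content).hexdigest()
    return "verified-newer" if digest in known_good else "unknown-newer"

# Constructed sample data: versions and file contents are made up.
EXPECTED = "1.2.30.0"
LEGIT_UPDATE = b"constructed bytes of a later vendor build"
REPLACED = b"constructed bytes of a replaced file"
KNOWN_GOOD = frozenset({hashlib.sha256(LEGIT_UPDATE).hexdigest()})

def demo():
    """Run the five cases: older, equal, newer, newer+known, newer+unknown."""
    return [
        classify("1.2.29.0", EXPECTED),
        classify("1.2.30.0", EXPECTED),
        classify("1.2.31.0", EXPECTED),
        classify("1.2.31.0", EXPECTED, LEGIT_UPDATE, KNOWN_GOOD),
        classify("1.2.31.0", EXPECTED, REPLACED, KNOWN_GOOD),
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```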