Vulnerabilities to Windows Systems Question

Usage and Config Security
1

(imported topic written by emock91)

I am looking at Vulnerabilities to Windows Systems , for example Bluetooth Vulnerability. According to BigFix we have 1300 computers that are vulnerable to this attack. If I drill down to “Click here to view more information from nvd.nist.org (by CVE ID) on this vulnerability.”

Tells me :

External Source: MS

Name: MS08-030

Type: Patch Information

Hyperlink:http://www.microsoft.com/technet/security/bulletin/ms08-030.mspx

When I goto Patch MS08-030 in BigFix I only have 7 computers that are relevant for this fixlet …

Why is the vulnerability saying that we have so many computers vulnerable ?

Seems to this problem with all the vulnerability to window syetms …

Thanks

Eric

2

(imported comment written by BenKus)

Hey Eric,

MS08-030 was re-released and there are several BigFix Fixlets that are related to MS08-030. Did you look at all of them?

Ben

3

(imported comment written by emock91)

Ben , that was only 1 fixlet example. They are all like that . We are totally patched and still have most of our PC’s with High vulnerability.

Thanks

4

(imported comment written by BenKus)

Perhaps the systems don’t have a service pack or some patch prerequisite so they don’t show up in the patches for windows site because they can’t be applied, but they will show up in the vulnerabilities site if they have older versions… Which SP are these systems on?

Ben

5

(imported comment written by emock91)

All Are Service Pack 2 … this is hard to explain through email … can someone call us ? or can we talk with someone in support that can understand this issue ? Thanks

6

(imported comment written by emock91)

, Bigfix vulnerabilities to windows shows a boat load of computers that need to be fixed . We then drill down to view more information from nvd.nist.org (by CVE ID) on this vulnerability and it points to a MS## patch … We then go to Bigfix patches for windows and none of the patches are applicable.

7

(imported comment written by BenKus)

Hi Eric,

Please contact support and they can follow up on this with you.

Ben