WSUS Migration - missing patches

(imported topic written by Masso91)

Hi all,

I’m currently in the process of migrating our XP x86/Office/Server 2003 x86 patches from WSUS into BigFix, but am having trouble finding the updates below. These have all been identified as required in a Microsoft Baseline Security Analyzer scan. Could I get confirmation of a fixlet ID or if these are in fact missing?

MS10-041 (KB979909) - XP

MS10-070 (KB2416473) - XP

MS09-062 (KB972580) - Office 2003

MS07-039 (KB926122) - Server 2003

Also, the following patches are evaluating to false (mostly from the file version check) despite showing as required in MBSA. I’m not sure if this means they aren’t required?

MS11-023 (KB2509488) - Office 07

MS11-045 (KB2541012) - Office 07

MS10-070 (KB2416447) - XP

MS11-045 (KB2541025) - Office 03

MS10-045 (KB980373) - Office 03

Finally, MS11-043 (KB2536276) isn’t downloading due to a re-release a couple of days ago (http://support.microsoft.com/kb/2536276). I assume this will be updated soon?

Thanks,

Michael

(imported comment written by SystemAdmin)

Keep in mind that MBSA isn’t always 100% accurate, just like how BigFix isn’t always 100% accurate. With that said, here are the answers to your questions:

Masso

I’m currently in the process of migrating our XP x86/Office/Server 2003 x86 patches from WSUS into BigFix, but am having trouble finding the updates below. These have all been identified as required in a Microsoft Baseline Security Analyzer scan. Could I get confirmation of a fixlet ID or if these are in fact missing?

MS10-041 (KB979909) - XP
MS10-070 (KB2416473) - XP
MS09-062 (KB972580) - Office 2003
MS07-039 (KB926122) - Server 2003

For the first three bulletins, we had incorrect meta-data, so that is why you can’t find them. I have made the changes and the changes will be up eventually. But for now, here’s the Fixlet IDs that are relevant to the KB# but not necessarily to your machine:

MS10-041

: 1004103, 1004139

MS10-070

: 1007013, 1007016

MS09-062

: 906277, 906279

As for

MS07-039

, that Fixlet has now been replaced by either MS08-035 or MS10-068 or MS11-005, depending on which architecture and service pack of Win2003 you have, as well as whether you’re using Active Directory (AD) or Active Directory Application Mode (ADAM). Where did I get this information? Well, Microsoft informs what bulletin got replaced by what, and if you follow the chain, it’ll go something like this: 07-039 -> 08-003 -> 08-035 -> (partial) 09-018 -> 09-006 -> 10-068 -> (partial) 11-005. So for Win2003, depending on your system, it can either be MS08-035 or MS10-068 or MS11-005.

Masso

Also, the following patches are evaluating to false (mostly from the file version check) despite showing as required in MBSA. I’m not sure if this means they aren’t required?

MS11-023 (KB2509488) - Office 07
MS11-045 (KB2541012) - Office 07
MS10-070 (KB2416447) - XP
MS11-045 (KB2541025) - Office 03
MS10-045 (KB980373) - Office 03

Again, MSBA isn’t always correct. If you have newer versions of a patch, BigFix will ignore the older one, but MBSA might not. If you feel like it is an error on our part, please let us know. You can contact support at http://support.bigfix.com/contact.html

Masso

Finally, MS11-043 (KB2536276) isn’t downloading due to a re-release a couple of days ago (http://support.microsoft.com/kb/2536276). I assume this will be updated soon?

Yes, we are aware of this. An update to the Fixlet should be available now.

(imported comment written by Masso91)

Thanks zevanty :slight_smile:

I’ll review those patches evaluating to false, but my gut feeling would be to trust the BigFix relevance.

(imported comment written by SystemAdmin)

I just noticed that I made a type with MS10-041, so I went ahead and changed it in the post.

But anyways, thank you for trusting our product =D However, if you do feel like our content is wrong and MBSA is correct, please let us know. Easiest way will be contacting support and they will eventually let us know of the issue, but you can post in the forums, and hope that someone on the team sees it.

MBSA is a good tool, but we have seen cases where it has been wrong. It’s really up to you to determine who’s right and who’s wrong.