R: Report patch installate

> hfnetchk, con l'opzione -v (verbose), ti spiega in base a
> cosa decide se un 
> hotfix è stato installato o meno. Prova, magari verifica i 
> risultati anche 
> manualmente, controlla se quello che ti dice è vero/ha senso

>Si, lo so... infatti nella mail ho scritto che uno mi dice una cosa ed
uno un'altra... il problema >è che le patches sono installate e i report
di 2 sw 
>sono differenti! Due sw della stessa Microzzoz!!! Inoltre cambia il
report di hknetchk se viene fatto partire in locale o no... pur essendo
nello stesso 
>dominio loggato come Admin!

Qual è la pacth incriminata che non ti fa tornare i conti??? 
Guarda se la mail di seguito può esserti utile:

MS silently changing security patches

Current version of HFNetChk doesn't differentiate between DCs and
non-DCs,  (it does differentiate between different SKUs of the product -
Pro, Server, Adv Server, etc.).  A future version of hfnetchk might be
able to do this, the XML schema would probably be changed to support
notation that a patch was only applicable to DCs.  (MS01-011, 24,36 were
DC only patches as well.)

In the meantime, consider a DC like a service on the system.  Example:
There have been patches for the tlntsvr service - most people don't use
the service, but if we find earlier versions of tlntsvr.exe on the
system, we'll recommend that it be updated - because although you're not
using the service today, you might tomorrow, and the file should be the
most recent.  DCs are a little different, you don't casually decide to
turn on a DC service, however.  

The files for 02-016 are marked in the XML file as change if exist, so
if any of those files in the patch are on your server system, and they
aren't the most recent (ie what's in the patch) it will tell you you
need to install the patch.  It doesn't hurt a server to apply this
patch, but it's not necessary for this issue.  Future versions of
hfnetchk will have a -ignore flag where you can specify issues that you
don't want to report on.


At 04:34 PM 4/10/2002 -0400, Francis Favorini wrote:
Hi,
        Just thought I'd pass this along.  Microsoft has silently
changed the patch in MS02-008 (at least the MSXML 3.0 version).  The old
patch I downloaded on 2/22/02 had version 8.20.9307.0 of msxml3.dll.
The version I downloaded today has version 8.20.9415.0.  There is no
indication in the security bulletin that anything has changed.  HFNetChk
alerted me that the file version did not match.
        The same thing happened last month with MS02-009.  The patch
silently changed, although the bulletin did get updated later.  It's
possible that this is simply due to a delay in the revised bulletin
getting propagated to all the web servers.  I hope this is the case.
        On a semi-related note, does anyone know why HFNetChk complains
that MS02-016 is not applied to a Win2K server that is not a domain
controller? Is it just because it can't identify DC's, or is there some
reason to apply it?

-Francis 

________________________________________________________
http://www.sikurezza.org - Italian Security Mailing List