Is a patch that does not appear in MBSA/Windows Update a false positive?

Question asked by Rodrigo Paiva on Aug 29, 2012
I'm seeing in my Qualys report that some Microsoft patches appear as vulnerabilities on my servers.


When I run Microsoft Update and also run the MBSA tool from Microsoft, they don't report that there is a patch to be installed.


In the Qualys report I can see that Qualys verified, for example, that a DLL file in C:\Windows\System32 called XYZ.DLL is version 2.01, but Microsoft released a new XYZ.DLL version 2.02 - and because of that this file has a vulnerability.


Real situation
Results: %windir%\system32\Msxml4.dll  Version is  4.20.9876.0

Vendor Reference: KB2719615, MS12-043



I opened a ticket with Microsoft about this:

They collected logs and checked that there is no problem with Microsoft Update.

Along with that, they told us that the recommendation is to keep the machines updated according to Windows Update and to trust it.

They also said that there are some new DLL files created by Microsoft, and that this is not a reason the servers need the new DLL file - and this is why the patch doesn't appear in Windows Update.



Is this a false positive? The manufacturer said that we need to update according to their tool.


Rodrigo Paiva
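A check that settles this kind of disagreement before the finding is filed as a false positive, added here as an example and not part of the original post: read the file version of every msxml4.dll copy on the host with PowerShell, compare it with the version the bulletin lists as fixed, and list what Add/Remove Programs thinks is installed. The page does not give the post-patch version number, so the script takes it as a mandatory parameter that must be copied from the KB article for the installed service pack; the SysWOW64 path and the Uninstall registry keys are standard Windows locations and are assumptions of this example, not something the post mentions.

```powershell
# Check-Msxml4.ps1 - added example, not from the original post or from Qualys/Microsoft.
# Compares on-disk file versions (what a credentialed scanner reads) with the version
# the vendor bulletin says is fixed, and shows the product registration that
# Windows Update / MBSA base their offer on.
param(
    # ASSUMPTION: supply the fixed version from the MS12-043 / KB article for your
    # service pack; it is deliberately not hard-coded here.
    [Parameter(Mandatory = $true)] [version] $MinimumFixedVersion
)

function Get-DllPatchState {
    param(
        [Parameter(Mandatory = $true)] [string]  $Path,
        [Parameter(Mandatory = $true)] [version] $MinimumFixedVersion
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        return New-Object PSObject -Property @{
            Path = $Path; Present = $false; FileVersion = $null; Patched = $null
        }
    }
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    # Build the version from the numeric parts; the FileVersion string can carry extra text.
    $fileVersion = [version] ("{0}.{1}.{2}.{3}" -f $vi.FileMajorPart, $vi.FileMinorPart,
                                                   $vi.FileBuildPart, $vi.FilePrivatePart)
    New-Object PSObject -Property @{
        Path        = $Path
        Present     = $true
        FileVersion = $fileVersion
        # The scanner's logic: a version below the fixed one means the fix is absent.
        Patched     = ($fileVersion -ge $MinimumFixedVersion)
    }
}

function Get-InstalledMsxmlProducts {
    # Add/Remove Programs entries mentioning MSXML, from both the native and the
    # WOW6432Node uninstall hives (assumed standard locations). Windows Update and
    # MBSA decide what to offer from this kind of product registration, not from the
    # bare DLL on disk, which is one way the two tools can disagree with a scanner.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*MSXML*' } |
        Select-Object DisplayName, DisplayVersion, PSChildName
}

# The post reports %windir%\system32\Msxml4.dll at 4.20.9876.0; on x64 hosts the
# 32-bit copy lives under SysWOW64, so check both locations.
$candidates = @(
    (Join-Path $env:windir 'System32\msxml4.dll'),
    (Join-Path $env:windir 'SysWOW64\msxml4.dll')
)

"== File versions vs fixed version $MinimumFixedVersion =="
$candidates |
    ForEach-Object { Get-DllPatchState -Path $_ -MinimumFixedVersion $MinimumFixedVersion } |
    Format-Table Path, Present, FileVersion, Patched -AutoSize

"== MSXML products registered in Add/Remove Programs =="
Get-InstalledMsxmlProducts | Format-Table -AutoSize
```

Run it from an elevated prompt as `.\Check-Msxml4.ps1 -MinimumFixedVersion <version from the KB article>`. If a copy of the DLL is present with a version below the fixed one and no matching MSXML product is registered, the scanner and Windows Update are both reporting accurately: the vulnerable file is really there, but nothing registered on the box tells Windows Update to service it. Note that `Get-HotFix` is not a useful cross-check here, since it only lists Windows-component updates and not updates to separately installed redistributables.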