MSBA vs. QFECHECK vs. MS Windows Update

[Sinistrality]

Unable to overcome my completionist nature, I have question that may have been solved in a previous post or two, but firefox doesn't like the forum search tool , and I personally despise IE.

On my test VM station, I have run the QFECHECK.exe utility.

The result of every hotfix identified is: Current on system.

Except for the following 8 hotfixes, which all display the "This hotfix should be reinstalled" result:

KB914388 DHCP Vulnerability Fix

KB920213 Agent Vulnerability Fix

KB920683 DNS Vulnerability Fix

KB921398 Windows Explorer Vulnerability Fix

KB922582 Error Updating Computer Fix

KB922819 TCP/IP Vulnerability

KB924270 Workstation Service Vulnerability

KB926255 Windows Vulnerability

I've also run the MS Baseline Security Analyzer 2.01 (shows as 2.0.6706.0 on the report)

The results of which indicate that no Windows Security Updates are missing with a Security Assessment of: Strong Security.

In the past, to verify that all windows updates were applied properly I'd simply run the Windows Update utility in a custom manner and install updates until no more updates remain.

I imagine that the Windows Update check isn't worth beans. But of the first two utilities (QFECHECK and MSBA) which should I put my creedence in?

Thanks for your time and any insight you might provide.

Edited February 7, 2007 by Sinistrality

[ponghy]

Hi

Sorry for my late answer...

I think QFECheck analysis is more accurate. You can do a sanity check yourself (there are not much hotfixes). Proceed in the following manner:

1. For each hotfix, search for information on the Knowledge base: http://support.microsoft.com/?kbid=NNNNNN , where "NNNNNN" are numbers identifying the hotfix.

2. Write down the new versions of affected files posted on the Knowledge Base, and compare them with the files installed on your system. If file version of your system is LESS than file version of the hotfix (see the Knowledge Base as explained), the hotfix is NOT properly applied. If it is greater than Knowledge Base claims, don't worry, because some hotfixes replace the same files with newer versions.

3. Also, check the following Registry value:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KBNNNNNN\Valid . Valid must be EQUAL to 1, otherwise the hofix is improperly installed or not installed at all.

4. An additional check to ensure that needed Registry entries for the hotfix are present may be done too. But this is more complex, and it requires you inspect the uncompressed hotfix package.

Regards and good luck

Edited March 15, 2007 by ponghy