I meant to share these comments from OVAL Board member Bill Wall of
Harris (thanks, Bill!) with the Community Forum. I just realized that I
forgot to pass them on...
~ Tiffany
Microsoft Technical Lead, MITRE's OVAL Team
-------- Original Message --------
Subject: RE: [OVAL-DISCUSSION-LIST] [Fwd: RE: [OVAL-DISCUSSION-LIST]
OVAL queries for Microsoft vulnerabilities]
Date: Wed, 26 Mar 2003 14:27:12 -0500
From: "Wall, William (wwall)" <
wwall@...>
To: "'
tab@...'" <
tab@...>
Tiffany,
One has to be careful of looking for Q282522. On my Windows 2000 that I
have
Service Pack 2, I also have
Q282522 with a description of REG_SZ "Windows 2000 Service Pack 2".
Microsoft
gave the same Q number for
all patches. And if you go to the knowledge base for this q number, it
talks
about Service Pack 2 and not
Service Pack 3.
http://support.microsoft.com/default.aspx?scid=kb;en-us;q282522 List of
Bugs
Fixed in Windows 2000 Service Pack 2 (1 of 4)
What makes it different is that you have \SP3\Q282522 instead of
\SP2\Q282522.
Also, if you have Service Pack 2 instead of Service Pack 3, you can
install post
Service Pack 2 or Post
Service Pack 3 patches. You will then have a mix of patches in
HKLM\Software\Microsoft\Uddates\Windows 2000\SP2
HKLM\Software\Microsoft\Uddates\Windows 2000\SP3
HKLM\Software\Microsoft\Uddates\Windows 2000\SP4
But if you look in HKLM\Software\Microsoft\Windows NT\HotFix
you will have all the patches in one key (except for Q282522) and easier
to
find.
Bill
-----Original Message-----
From: Tiffany Bergeron [mailto:
tab@...]
Sent: Wednesday, March 26, 2003 10:18 AM
To:
OVAL-DISCUSSION-LIST@...
Subject: [OVAL-DISCUSSION-LIST] [Fwd: RE: [OVAL-DISCUSSION-LIST] OVAL
queries for Microsoft vulnerabilities]
Tim Harrison of the Defense Information Systems Agency (DISA), an OVAL
Board member, provided the following information to me (thanks, Tim!),
which I'd like to share with the entire Community Forum.
Thanks,
Tiffany
Microsoft Technical Lead, MITRE's OVAL Team
-------- Original Message --------
Subject: RE: [OVAL-DISCUSSION-LIST] OVAL queries for Microsoft
vulnerabilities
Date: Wed, 26 Mar 2003 08:29:34 -0500
From: "Harrison, Tim (Contractor)" <
Harris1T@...>
To: "'
tab@...'" <
tab@...>
CC: "Sherald, Terry" <
sheraldt@...>
Tiffany,
I read what your fellow team member wrote below and have some
info to share on it. In my experience with the check for the existance
of a patch it is stated that you check
'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Hotfix\Q324380' but that in the most recent bulletin
MS pointed to 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows
2000\SP4\Q324380\'. I have found the later to contain more information,
to include the date the patch was installed and the user that installed
it. This also seems to be a more intuitive path. Also, if service pack
3 is installed on Windows 2000 the following registry key should exist
'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows
2000\SP3\Q282522\' and contains info stating that the patch is a service
pack so maybe that would be a another place to check for the service
pack level. If you have any comments or questions feel free to contact
me.
Thanks,
Tim H.
