Tim Harrison of the Defense Information Systems Agency (DISA), an OVAL
Board member, provided the following information to me (thanks, Tim!),
which I'd like to share with the entire Community Forum.
Thanks,
Tiffany
Microsoft Technical Lead, MITRE's OVAL Team
-------- Original Message --------
Subject: RE: [OVAL-DISCUSSION-LIST] OVAL queries for Microsoft
vulnerabilities
Date: Wed, 26 Mar 2003 08:29:34 -0500
From: "Harrison, Tim (Contractor)" <
Harris1T@...>
To: "'
tab@...'" <
tab@...>
CC: "Sherald, Terry" <
sheraldt@...>
Tiffany,
I read what your fellow team member wrote below and have some
info to share on it. In my experience with the check for the existance
of a patch it is stated that you check
'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Hotfix\Q324380' but that in the most recent bulletin
MS pointed to 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows
2000\SP4\Q324380\'. I have found the later to contain more information,
to include the date the patch was installed and the user that installed
it. This also seems to be a more intuitive path. Also, if service pack
3 is installed on Windows 2000 the following registry key should exist
'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows
2000\SP3\Q282522\' and contains info stating that the patch is a service
pack so maybe that would be a another place to check for the service
pack level. If you have any comments or questions feel free to contact
me.
Thanks,
Tim H.
