HankDorsett

Help with Patch Relevance

2012-05-17T19:41:31Z
I'm now required to resolve all High Vulnerabilities to Windows Systems. I have a few of them that show up but when I track down what patch should resolve the issues it doesn't show available for that system. No patches are waiting on Bigfix or Windows update for that system. Is there a way to figure out why it's not available or why the vulnerability still shows relevant?

This isn't the first time I had an issue with Vulnerabilities to Windows systems. The last one was an AD issue that showed up as relevant on all Win Server 2003 R2 but the patch was only for the Domain Controllers.

Is this normal to expect false positives on these alerts?
  • jeremylam

    Re: Help with Patch Relevance

    ‏2012-05-18T01:04:31Z  
    Is it possible that the systems are currently in an unsupported state by Microsoft, and require a service pack to be brought up to the supported level? Or the patches have been superseded by newer ones?
  • HankDorsett

    Re: Help with Patch Relevance

    ‏2012-05-22T17:40:46Z  
    Here is an example on Java. My system is running 1.7.0.40 with JavaFX of 1.2.15. Can someone compare the relevance to my reg export and tell me how it's relevant?

    ID 1440301

    Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment.

    From the details.

    ((((exists (values "CurrentVersion" of keys ("HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Development Kit") of registries as string) whose ((exists match (case insensitive regex ("^\d+\.\d+$")) of (it as string as lowercase))))) AND (exists file (((concatenation of ((it as string) of (values "JavaHome" of keys ("HKEY_LOCAL_MACHINE\" & ("SOFTWARE\JavaSoft\Java Development Kit" & "\" & parenthesized part 1 of match (regex "^(1\.4-9(\.0-9(_0-9+)?)?)$") of ((concatenation of ((it as string) of (values "CurrentVersion" of keys ("HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Development Kit") of registries as string)))))) of registries as string))) & "\jre\bin\client\jvm.dll"))) AND (exists file (((concatenation of ((it as string) of (values "JavaHome" of keys ("HKEY_LOCAL_MACHINE\" & ("SOFTWARE\JavaSoft\Java Development Kit" & "\" & parenthesized part 1 of match (regex "^(1\.4-9(\.0-9(_0-9+)?)?)$") of ((concatenation of ((it as string) of (values "CurrentVersion" of keys ("HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Development Kit") of registries as string)))))) of registries as string))) & "\jre\bin\client\jvm.dll")))) OR (((exists (values "CurrentVersion" of keys ("HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment") of registries as string) whose ((exists match (case insensitive regex ("^\d+\.\d+$")) of (it as string as lowercase))))) AND (exists file (((concatenation of ((it as string) of (values "JavaHome" of keys ("HKEY_LOCAL_MACHINE\" & ("SOFTWARE\JavaSoft\Java Runtime Environment" & "\" & parenthesized part 1 of match (regex "^(1\.4-9(\.0-9(_0-9+)?)?)$") of ((concatenation of ((it as string) of (values "CurrentVersion" of keys ("HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment") of registries as string)))))) of registries as string))) & "\bin\client\jvm.dll"))) AND (exists file (((concatenation of ((it as string) of (values "JavaHome" of keys ("HKEY_LOCAL_MACHINE\" & ("SOFTWARE\JavaSoft\Java Runtime Environment" & "\" & parenthesized part 1 of match (regex "^(1\.4-9(\.0-9(_0-9+)?)?)$") of ((concatenation of ((it as string) of (values "CurrentVersion" of keys ("HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment") of registries as string)))))) of registries as string))) & "\bin\client\jvm.dll")))) OR (((exists (values "CurrentVersion" of keys ("HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment") of registries as string) whose ((exists match (case insensitive regex ("^\d+\.\d+$")) of (it as string as lowercase))))) AND (exists file (((concatenation of ((it as string) of (values "JavaHome" of keys ("HKEY_LOCAL_MACHINE\" & ("SOFTWARE\JavaSoft\Java Runtime Environment" & "\" & parenthesized part 1 of match (regex "^(1\.4-9(\.0-9(_0-9+)?)?)$") of ((concatenation of ((it as string) of (values "CurrentVersion" of keys ("HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment") of registries as string)))))) of registries as string))) & "\bin\client\jvm.dll"))) AND (exists file (((concatenation of ((it as string) of (values "JavaHome" of keys ("HKEY_LOCAL_MACHINE\" & ("SOFTWARE\JavaSoft\Java Runtime Environment" & "\" & parenthesized part 1 of match (regex "^(1\.4-9(\.0-9(_0-9+)?)?)$") of ((concatenation of ((it as string) of (values "CurrentVersion" of keys ("HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment") of registries as string)))))) of registries as string))) & "\bin\client\jvm.dll")))) OR (((exists (values "CurrentVersion" of keys ("HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Development Kit") of registries as string) whose ((exists match (case insensitive regex ("^\d+\.\d+$")) of (it as string as lowercase))))) AND (exists file (((concatenation of ((it as string) of (values "JavaHome" of keys ("HKEY_LOCAL_MACHINE\" & ("SOFTWARE\JavaSoft\Java Development Kit" & "\" & parenthesized part 1 of match (regex "^(1\.4-9(\.0-9(_0-9+)?)?)$") of ((concatenation of ((it as string) of (values "CurrentVersion" of keys ("HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Development Kit") of registries as string)))))) of registries as string))) & "\jre\bin\client\jvm.dll"))) AND (exists file (((concatenation of ((it as string) of (values "JavaHome" of keys ("HKEY_LOCAL_MACHINE\" & ("SOFTWARE\JavaSoft\Java Development Kit" & "\" & parenthesized part 1 of match (regex "^(1\.4-9(\.0-9(_0-9+)?)?)$") of ((concatenation of ((it as string) of (values "CurrentVersion" of keys ("HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Development Kit") of registries as string)))))) of registries as string))) & "\jre\bin\client\jvm.dll")))))

    Reg export.

    HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft

    HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Development Kit
    "CurrentVersion"="1.7"

    http://HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Development Kit\1.7
    "JavaHome"="C:\\Program Files\\Java\\jdk1.7.0_04"
    "MicroVersion"="0"

    http://HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Development Kit\1.7.0_04
    "JavaHome"="C:\\Program Files\\Java\\jdk1.7.0_04"
    "MicroVersion"="0"

    HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Plug-in

    http://HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Plug-in\10.4.0
    "JavaHome"="C:\\Program Files\\Java\\jre7"
    "UseJava2IExplorer"=dword:00000001
    "UseNewJavaPlugin"=dword:00000001

    HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment
    "Java7FamilyVersion"="1.7.0_04"
    "CurrentVersion"="1.7"
    "BrowserJavaVersion"="10.4.0"

    http://HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.7
    "JavaHome"="C:\\Program Files\\Java\\jre7"
    "RuntimeLib"="C:\\Program Files\\Java\\jre7\\bin\\client\\jvm.dll"
    "MicroVersion"="0"

    http://HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.7.0_04
    "JavaHome"="C:\\Program Files\\Java\\jre7"
    "MicroVersion"="0"
    "RuntimeLib"="C:\\Program Files\\Java\\jre7\\bin\\client\\jvm.dll"

    http://HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.7.0_04\MSI
    "JU"="1"
    "OEMUPDATE"=""
    "MODE"="C"
    "JQS"=""
    "FROMVERSION"="NA"
    "FROMVERSIONFULL"=""
    "PRODUCTVERSION"="7.0.40"
    "INSTALLDIR"="C:\\Program Files\\Java\\jre7\\"
    "PATCHDIR"=""
    "EULA"="0"
    "IEXPLORER"="1"
    "MOZILLA"="0"
    "JAVAUPDATE"="1"
    "AUTOUPDATECHECK"="1"
    "AUTOUPDATEDELAY"=""
    "ImageCkSum"="1080191670"
    "FullVersion"="1.7.0_04-b22"

    HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Web Start
    "CurrentVersion"="10.4.0"

    http://HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Web Start\1.0.1
    "Home"="C:\\Program Files\\Java\\jre7\\bin"

    http://HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
    "Home"="C:\\Program Files\\Java\\jre7\\bin"

    http://HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
    "Home"="C:\\Program Files\\Java\\jre7\\bin"

    http://HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
    "Home"="C:\\Program Files\\Java\\jre7\\bin"

    http://HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Web Start\1.2
    "Home"="C:\\Program Files\\Java\\jre7\\bin"

    http://HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
    "Home"="C:\\Program Files\\Java\\jre7\\bin"

    http://HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Web Start\10.4.0
    "Home"="C:\\Program Files\\Java\\jre7\\bin"

    HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Prefs
  • HankDorsett

    Re: Help with Patch Relevance

    ‏2012-05-22T17:42:51Z  
    I have no idea where the http came from, it's not from my reg.
  • HankDorsett

    Re: Help with Patch Relevance

    ‏2012-05-22T18:14:30Z  
    Sorry to keep posting but I broke down and loaded the Fixlet debugger on that system. This is the part that is true, the other two sections are false.

    ((exists (values "CurrentVersion" of keys ("HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment") of registries as string) whose ((exists match (case insensitive regex ("^\d+\.\d+$")) of (it as string as lowercase))))) AND (((exists (values "CurrentVersion" of keys ("HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment") of registries as string) whose ((exists match (case insensitive regex ("^\d+\.\d+$")) of (it as string as lowercase))))) AND (exists file (((concatenation of ((it as string) of (values "JavaHome" of keys ("HKEY_LOCAL_MACHINE\" & ("SOFTWARE\JavaSoft\Java Runtime Environment" & "\" & parenthesized part 1 of match (regex "^(1\.4-9(\.0-9(_0-9+)?)?)$") of ((concatenation of ((it as string) of (values "CurrentVersion" of keys ("HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment") of registries as string)))))) of registries as string))) & "\bin\client\jvm.dll"))))
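
As an added example (not part of the original posts and not BigFix code), this Python sketch evaluates the clause the Fixlet debugger reported as true against the JRE keys from the export quoted in the thread. It assumes the forum stripped the square brackets from the regex's character classes and that jvm.dll is present at the exported path; the function names are hypothetical. The clause reads only CurrentVersion, JavaHome and the presence of jvm.dll, so the update level never enters into it.

```python
import re

# Constructed sample: the JRE keys from the export quoted in the thread, kept in
# the thread's layout (no [brackets], stray "http://" before some key paths).
REG_EXPORT = r'''
HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment
"Java7FamilyVersion"="1.7.0_04"
"CurrentVersion"="1.7"

http://HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.7
"JavaHome"="C:\\Program Files\\Java\\jre7"
"MicroVersion"="0"
'''
JRE_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment"
# Assumption: the forum stripped the [ ] from the regex's character classes.
VERSION_RE = re.compile(r"(1\.[4-9](\.[0-9](_[0-9]+)?)?)")


def parse_reg_export(text):
    """Return {key path: {value name: string value}} for a text export."""
    reg, values = {}, None
    for line in text.splitlines():
        line = line.strip().strip("[]")
        if line.startswith("http://"):        # forum artifact, not in the registry
            line = line[len("http://"):]
        if line.startswith("HKEY_"):
            values = reg.setdefault(line, {})
            continue
        m = re.fullmatch(r'"([^"]+)"="(.*)"', line)
        if m and values is not None:
            values[m.group(1)] = m.group(2).replace("\\\\", "\\")
    return reg


def installed_clause(reg, product_key, dll_suffix, file_exists):
    """Emulate the clause the debugger reported true, for one product key."""
    current = reg.get(product_key, {}).get("CurrentVersion", "")
    match = VERSION_RE.fullmatch(current)
    if not re.fullmatch(r"\d+\.\d+", current) or not match:   # e.g. "1.7"
        return False
    home = reg.get(product_key + "\\" + match.group(1), {}).get("JavaHome")
    return home is not None and file_exists(home + dll_suffix)


def evaluate_cases():
    """Evaluate the clause for the thread's export and two variations."""
    dll = r"C:\Program Files\Java\jre7\bin\client\jvm.dll"
    suffix = r"\bin\client\jvm.dll"
    reg = parse_reg_export(REG_EXPORT)
    as_posted = installed_clause(reg, JRE_KEY, suffix, lambda p: p == dll)
    reg[JRE_KEY]["Java7FamilyVersion"] = "1.7.0_01"  # different update level
    other_update = installed_clause(reg, JRE_KEY, suffix, lambda p: p == dll)
    no_dll = installed_clause(reg, JRE_KEY, suffix, lambda p: False)
    return {"as_posted": as_posted, "other_update": other_update, "no_dll": no_dll}
```

The export as posted and a copy with a different update level both evaluate to true; only a missing jvm.dll turns the clause false.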