Forum Thread: MS11-066/Secunia Advisory SA45517 false positive

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
newpost MS11-066/Secunia Advisory SA45517 false positive
Member 10th Aug, 2011 12:21
Ranking: 2
Posts: 34
User Since: 7th Aug, 2010
System Score: N/A
Location: DE
Last edited on 10th Aug, 2011 12:22

The MS11-066-Patch for MS .NET Framework 4 is only for web apps and not for client versions but is prompted in PSI as insecure!? Why?

https://www.microsoft.com/germany/technet/sicherhe...

Maurice Joyce RE: MS11-066/Secunia Advisory SA45517 false positive
Handling Contributor 10th Aug, 2011 18:49
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Microsoft manage all .NET issues. The English instructions are here which very clearly state an update is available via Windows Update to those (all Windows variants using .NET 3.5 SP1 and .NET 4) affected by the vulnerability.

http://www.microsoft.com/technet/security/bulletin...

By default that means that the update was made available on 9th August 2011 during the routine Microsoft "Patch Tuesday".

If U have not got it installed PSI will correctly indicate that your PC is vulnerable & will remain so until such time as it is installed to clear SA45508 details here:

http://secunia.com/advisories/45508/

It is not a false positive & those offered the hotfix by Microsoft should install it ASAP & then run a full PSI scan to verify that it has registered correctly.

--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+10
-0
newpost RE: MS11-066/Secunia Advisory SA45517 false positive
Member 11th Aug, 2011 01:50
Score: 2
Posts: 34
User Since: 7th Aug 2010
System Score: N/A
Location: DE
So why do they write: "[1].NET Framework 4 Client Profile not affected."?
I have it so no patch needed!?

And besides, you are wrong: Microsoft .NET Framework 3.5 Service Pack 1 is "Non-Affected Software", as the page says. And I also didn't find it in the affected software area.

Maybe my English is so bad?

And the German magazine winfuture says that: only web applications are affected and no standard installations. And they just copied it from the German Microsoft homepage, as usual. ;-) http://winfuture.de/news,64821.html

It is quite weird.
Was this reply relevant?
+0
-0
Maurice Joyce RE: MS11-066/Secunia Advisory SA45517 false positive
Handling Contributor 11th Aug, 2011 03:34
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
If a PSI scan is telling U that your system is vulnerable then it is vulnerable & it is not a false positive.

At the same time Microsoft should be offering U a hotfix to clear that vulnerability. If using Windows XP U require to carry out a manual update using the Custom Option to find some .NET updates.

SA45517 is linked to MS11-069 which relates to various KBs as U will see here:
http://secunia.com/advisories/45517/

MS11-066 is not, as U suggest, linked to SA45517 but to SA45508. The details are here:
http://secunia.com/advisories/45508/

Microsoft discusses MS11-066 here:
http://www.microsoft.com/technet/security/bulletin...

and MS11-069 here:

http://www.microsoft.com/technet/security/bulletin...

Not only have U confused the issue by mixing up MS numbers from Microsoft & SA numbers from Secunia but have also not read my post correctly particularly this:

Microsoft manage all .NET issues. The English instructions are here which very clearly state an update is available via Windows Update to those (all Windows variants using .NET 3.5 SP1 and .NET 4) affected by the vulnerability.

I, and no doubt many others, have got the Client version installed. It appears U may not have but that DOES NOT mean Secunia are issuing a false positive. It is very positive & correct to me & many other users.

As previously stated Microsoft manage .NET issues via Windows Update. If they offer a hotfix install it. MS11-066 & MS11-069 were both offered on "Patch Tuesday" if required by Windows.

PSI manages vulnerabilities. If, after a meta data scan of a system, they find a vulnerability, fix it using the link provided by PSI or via Windows Update.

The use of the wording false positive is a complete "red herring".






--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+7
-0
newpost RE: MS11-066/Secunia Advisory SA45517 false positive
Member 11th Aug, 2011 23:42
Score: 2
Posts: 34
User Since: 7th Aug 2010
System Score: N/A
Location: DE
Now I know why the confusion. It was not I who mixed up the numbers but Secunia PSI itself!

PSI is showing Microsoft .NET Framework 4.0 as insecure and missing patch KB2487367, but the online reference reached by double-clicking on the entry in the scan results leads to Secunia Advisory SA45517, which has MS11-069, where there is nothing about KB2487367. It is quite weird, but I have not made the mistake, Secunia has!

I do not have KB2487367 installed as .NET Framework 4 Client Profile is not affected and even the update pack from the computer magazine winfuture.de didn't/couldn't install it. But Windows Update shows it!?

The other patches/updates are installed (https://www.microsoft.com/technet/security/Bulleti...).

So I try the last way out and try to install by Windows Update. I don't think it will work as .NET Framework 4 Client Profile is not affected.
Was this reply relevant?
+0
-0
Maurice Joyce RE: MS11-066/Secunia Advisory SA45517 false positive
Handling Contributor 11th Aug, 2011 23:55
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
I can only repeat what I have said before - if Windows Update offers U a hotfix you require it.

If a Windows Update fails do it manually from here:

http://www.microsoft.com/download/en/details.aspx?...

Complete a full PSI rescan & U should be OK.

--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+0
-0
newpost RE: MS11-066/Secunia Advisory SA45517 false positive
Member 12th Aug, 2011 00:18
Score: 2
Posts: 34
User Since: 7th Aug 2010
System Score: N/A
Location: DE
Thank you for the quick and professional help!

The joke is that I do each update manually and it seems not to work as it should. I have found the Windows Update entry and the update worked now.


I have found another piece of false data in Secunia PSI:

It says that KB979683 is missing and the false Secunia advisory is connected to it: https://secunia.com/advisories/45562/

And KB979683 was by the way replaced by KB981852 (MS10-047), which I am quite sure I have on my system, but as Windows Update is prompting it and PSI also, I will install it to have my peace! I have quite a lot of unnecessary patches because of it - on my very old notebook/laptop with a quite small HDD which cannot be upgraded - but who cares. I hope I can change it soon.
Was this reply relevant?
+0
-0
Maurice Joyce RE: MS11-066/Secunia Advisory SA45517 false positive
Handling Contributor 12th Aug, 2011 02:52
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
I think U are looking at it from the wrong angle.

Microsoft is the MASTER for all things Windows - if they offer a hotfix for a system after a PC scan it is required either as a security fix or for enhancement reasons. The simple solution for average users is to install them hence in Windows Vista & Windows 7 they can all be downloaded & installed automatically.

What PSI does is here:

http://secunia.com/vulnerability_scanning/personal...

In a nutshell PSI is an informer that a system is fully secure or requires user intervention to secure it.

.NET issues are complex - not helped this month by numerous hotfixes which overlap.

What is clear is that there are no false positives from Secunia - once U fully install all the Windows hotfixes the PSI will, after a full scan, give U a 100% security rating for Microsoft issues.

Hope this helps.



--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+5
-0
