Forum Thread: False Positive on Windows 7

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Microsoft
And, this specific program:
Microsoft Windows 7

This thread has been marked as locked.
yinepuhotep False Positive on Windows 7
Member 18th Jan, 2012 18:15
Ranking: 0
Posts: 15
User Since: 7th Feb, 2008
System Score: N/A
Location: US
PSI gives me the following message every time I log in to my desktop:




---START---

Program Name:
Microsoft Windows 7

Security State:
Insecure

Download Link:
http://update.microsoft.com/microsoftupdate/

Missing Microsoft Patches (KB numbers):
KB2584146
KB2631813
KB2585542
KB2644615

Instances Found:

Last System Scan (localtime):
12. Jan 2012, 13:42

Operating System:
Microsoft Windows 7, Microsoft Windows 7

---END---


Windows Update says that all patches have been applied. Have rescanned system, several times, PSI still claims Windows has not been patched, while Windows Update says it has been.

Maurice Joyce RE: False Positive on Windows 7
Handling Contributor 18th Jan, 2012 18:23
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 18th Jan, 2012 18:24
Have U carried out a full PSI rescan? Looks like the last one was 6 days ago.

--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+0
-0
Maurice Joyce RE: False Positive on Windows 7
Handling Contributor 20th Jan, 2012 10:49
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Have U now fixed this problem?

--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+0
-0
baffoni RE: False Positive on Windows 7
Member 23rd Jan, 2012 16:03
Score: 0
Posts: 4
User Since: 20th May 2011
System Score: N/A
Location: US
I also get false positive on my machine even though MS says it is already installed when I download the specific update for my machine. Here is the PSI output, and doing a full scan does not fix this:

Microsoft Windows 7 1 Insecure Microsoft Windows 7 Microsoft Update
Detected Instances:
Microsoft Windows 7

Microsoft Security Patches Not Installed:
KB2585542

You can double click this row for additional information and options.

Win7 SP1, 64bit
Was this reply relevant?
+0
-0
Terradon RE: False Positive on Windows 7
Member 23rd Jan, 2012 16:14
Score: 9
Posts: 22
User Since: 24th Sep 2009
System Score: N/A
Location: US
I have the same message, though I did not install the particular update. MS has "throttled" the update. They have removed the checkmark to have it auto-install. The reason, from what I have been able to discern is that problems caused by the update turned up and they want time to fix those before the update is pushed to a much larger number of installations.

I wish there was a way to ignore just this one update without having to ignore the entire Win7 install.

--
Don
Windows 7 Home Premium 64bit SP1
Intel Core 2Quad 8GB RAM 1000mb lan to cable
Was this reply relevant?
+0
-0
Maurice Joyce RE: False Positive on Windows 7
Handling Contributor 23rd Jan, 2012 17:54
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
As U can see I run a Windows 7 64 Bit.

They are not false positives. PSI only checks the meta data of a PC & reports accordingly.

What appears to have happened is the Windows Update/Install has not registered correctly on the OS.

This is not uncommon & PSI,quite rightly,points out that Windows is vulnerable until such time as this happens.

KB2585542 needs to be installed separately hence Microsoft did not put a tick (check mark) in the download/install box on "Windows Update Tuesday", This allowed users to install all others offered & reboot before attempting this standalone hotfix.

In some cases this scenario also is caused by not completing a reboot & then a full PSI scan.

If it/they still do not register a manual install sometimes cures it.

KB2585542 can be downloaded & installed from here:

http://www.microsoft.com/download/en/details.aspx?...

U can also get a second opinion from Microsoft by using this tool:

MICROSOFT BASELINE SECURITY ANALYSER (MBSA)

If U are having difficulty confirming the status of Microsoft updates installed on your PC U may wish to install MBSA.

It scans a PC, highlights general security features that were checked, in particular missing Microsoft hot fixes (patches), with additional links to fixes or help lines.

Do not be put off by all the written hype about IT Professionals etc - it is easy to use & understand the results.

More details & the download link are here:

http://technet.microsoft.com/en-us/security/cc1849...

Update 1 23:32 25/01/2011






--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+1
-0
Terradon RE: False Positive on Windows 7
Member 23rd Jan, 2012 19:36
Score: 9
Posts: 22
User Since: 24th Sep 2009
System Score: N/A
Location: US
[quote=p43571]As U can see I run a Windows 7 64 Bit.

They are not false positives. PSI only checks the meta data of a PC & reports accordingly.

KB2585542 needs to be installed separately hence Microsoft did not put a tick (check mark) in the download/install box on "Windows Update Tuesday", This allowed users to install all others offered & reboot before attempting this standalone hotfix.

I agree that this is not a false positive. However, if you follow the discussion regarding this KB being labeled important and yet was not checked, you would not make the statement above. Instead you would discover that the update was unchecked (throttled) when the updates were pushed through MS Update. There were reports that the patch caused some programs to fail, so the decision was made to further investigate before pushing the patch to all users.

It's not uncommon for MS patches to cause conflicts. What is uncommon is for a patch deemed "important" and a security update to be unchecked. This is not a standalone hotfix. When first presented in MS Update, there was nothing stopping one from checking the box and having it installed along with the other updates. I didn't only because I checkout all patches before I ok them. It struck me odd that a security patch labeled important was the only one not checked. As I checked the normal MS tech haunts, I found out that I was not alone. The more I dug, the more the reason for the "throttling" appeared to be the issues that I saw reported elsewhere.

Presumably, the patch will be reworked and released again. Until then, I'll wait.

--
Don
Windows 7 Home Premium 64bit SP1
Intel Core 2Quad 8GB RAM 1000mb lan to cable
Was this reply relevant?
+0
-1
Maurice Joyce RE: False Positive on Windows 7
Handling Contributor 23rd Jan, 2012 21:49
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 25th Jan, 2012 10:21
This thread, which U have hi-jacked, deals with false positives.

U should create your own thread rather that detract from the main event.

This Forum would be interested to know the hyperlink to the Microsoft bulletin which withdrew this hotfix for example:

1. Why is it still available for installation here?

http://www.microsoft.com/download/en/details.aspx?...

2. Rather than "throttle" it on "patch Tuesday" why was it not completely withdrawn?

3. I have just completed this test:
a. Uninstalled KB2585542 via Action Centre>Windows Update. It demanded a reboot on completion.
b. Carried out a full PSI scan. As expected it downgraded my OS to insecure.
c. Within seconds of the reboot Microsoft offered me a hotfix via Windows Update (I do not allow auto download/install).
d. I manually reinstalled the KB. It demanded a reboot for completion.
e. A second full PSI scan reinstated my OS to 100%.

Details of the install are here:
Security Update for Windows 7 for x64-based Systems (KB2585542)

Installation date: 23/01/2012 20:25

Installation status: Successful

Update type: Important

A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain access to information. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system.

More information:
http://go.microsoft.com/fwlink/?LinkID=232510

Help and Support:
http://support.microsoft.com


4. If it has been withdrawn/is not fit for purpose why are Microsoft still offering it to users?

EDIT:
No reply from originator after 7 days.

Thread locked at: 09:19 25/01/2012

If required, this thread can be reopened for the originator by contacting Secunia Support at: support@secunia.com







--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+1
-0

This thread has been marked as locked.