Verifying if patches are installed on Windows


Nasseam Elkarra-2
A lot of OVAL queries for Windows check registry keys to determine if
patches are not installed. I was doing some research and came across
this webcast: Assessing Systems for Patch Status Using HFNetChk
(http://support.microsoft.com/default.aspx?scid=/servicedesks/webcasts/wc040902/wcblurb040902.asp).

When talking about the mssecure.xml file used by HFNetChk, one of the
presenters mentions the following:

"Eric: Recently I've started not including the registry key information
in the XML file for various patches simply to force it to ignore doing
the registry key checks anyway, and to go straight on to do the file
checks, since we've found that those are much more reliable to begin
with."

Earlier he mentioned how "in some cases folks have actually rolled their
own hotfixes, where they're writing all of the appropriate files for the
system, but aren't necessarily writing the registry keys to the system.
Or a system may have installed the service pack or another patch, which
has deleted or removed some of the registry keys."

Most of the OVAL queries check both registry keys and files which is not
a problem but I'm thinking maybe the file checks are sufficient. This is
because for some people, who manually replace files or use some
non-Microsoft management tool, the registry keys will never exist but
the file checks are a sure thing.

This is not really a big deal but it could possibly save some typing for
those writing queries doing a lot of registry checks.

Just some thoughts,
Nasseam Elkarra
[hidden email]
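
An added example, not part of the original post and not code from OVAL or HFNetChk: a PowerShell function that gathers both kinds of evidence and lets the file version decide, which surfaces the case discussed above where the files are current but no registry key exists. The function name, registry key, file path and version are hypothetical placeholders.

```powershell
# Added example. The key, path and version used at the bottom are constructed
# placeholders, not values from the post or from any real bulletin.
function Test-PatchEvidence {
    param(
        [Parameter(Mandatory = $true)] [string]  $RegistryKey,    # key an installer would write
        [Parameter(Mandatory = $true)] [string]  $FilePath,       # binary the patch replaces
        [Parameter(Mandatory = $true)] [version] $MinimumVersion  # first version carrying the fix
    )

    # Registry evidence: only says that an installer recorded the patch.
    $keyPresent = Test-Path -LiteralPath $RegistryKey

    # File evidence: read the version resource of the binary on disk.
    $fileVersion = $null
    if (Test-Path -LiteralPath $FilePath -PathType Leaf) {
        $info = (Get-Item -LiteralPath $FilePath).VersionInfo
        if ($info.FileVersion) {
            # Use the numeric parts; the FileVersion string may carry extra text.
            $fileVersion = [version]('{0}.{1}.{2}.{3}' -f $info.FileMajorPart,
                $info.FileMinorPart, $info.FileBuildPart, $info.FilePrivatePart)
        }
    }
    $filePatched = ($null -ne $fileVersion) -and ($fileVersion -ge $MinimumVersion)

    # The file check decides the status; the registry check only adds context.
    if     ($filePatched -and $keyPresent) { $status = 'Patched' }
    elseif ($filePatched)                  { $status = 'PatchedNoRegistryRecord' }
    elseif ($keyPresent)                   { $status = 'RegistryOnlyFileNotUpdated' }
    else                                   { $status = 'NotPatched' }

    [pscustomobject]@{
        Status         = $status
        KeyPresent     = $keyPresent
        FileVersion    = $fileVersion
        MinimumVersion = $MinimumVersion
    }
}

# Constructed placeholder inputs; replace with the values for the patch being checked.
$check = @{
    RegistryKey    = 'HKLM:\SOFTWARE\Example\Updates\KB0000000'
    FilePath       = Join-Path $env:SystemRoot 'System32\example.dll'
    MinimumVersion = '1.2.3.4'
}
Test-PatchEvidence @check
```

A `PatchedNoRegistryRecord` result corresponds to the manually replaced files or removed keys mentioned in the webcast quotes.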