Patch Auditing

Misleading Patch Audits

by Ron Gula
February 20, 2009

I often tell Nessus users that patch auditing is more efficient and accurate than network scanning. And for the most part, this is absolutely true. However, there are several cases where patch auditing, or a lack of understanding of how patch auditing works, can actually give you bad data. This blog post will describe the many subtle nuances of conducting patch audits.

64 Bit Patch Audits for Windows 2003

by Ron Gula
August 22, 2008

Tenable's Research group recently added support to the Nessus ProfessionalFeed and HomeFeed to audit missing 64-bit Windows 2003 security patches via file version checks.

File version checking is the most effective way to test a Windows system for missing patches. Nessus has been able to do this on most Windows OSes (including 64-bit Windows Vista and Windows 2008) for a long time, and due to customer demand we've added support for 64-bit Windows 2003 systems.

PatchDiff2 - High Performance Patch Analysis

by Ron Gula
June 26, 2008

Tenable Network Security has released PatchDiff2 for the IDA disassembler. PatchDiff2 can be used to compare the differences in patches provided by vendors in order to understand what has been modified and where previous security holes existed. In some cases, such as the recent MS08-030 release and re-release for Windows XP, a tool like PatchDiff2 can show that a patch update didn't actually modify anything.

UNIX Patch Auditing Over Telnet

by Ron Gula
November 8, 2007

One of the powerful features of Nessus is its ability to perform patch auditing for many different operating systems over many different protocols. Most Nessus users understand that Nessus supports UNIX audits with the Secure Shell protocol and that it can also log into Windows systems. This blog entry will discuss using Telnet as a method for Nessus to perform patch auditing.

Who is Still Using Telnet?