Tenable's Research group recently added support to the Nessus ProfessionalFeed and HomeFeed to audit missing 64 bit Windows 2003 security patches via file version checks.
File version checking is the most effective way to test a Windows system for missing patches. Nessus has been able to do this on most Windows OSes (including 64 bit Windows Vista and Windows 2008) for a long time and due to customer demand, we've added support for Windows 2003 64 bit systems.
Tenable also recently improved the performance of the smb_hotfixes.nasl plugin to reduce network traffic. This will decrease the amount of time it takes to perform patch audits of all Windows systems.
To make use of this functionality, simply update your Nessus plugins and then perform a credentialed audit of a 64 bit Windows 2003 system with the "Windows : Microsoft Bulletins" plugin family enabled as shown below:
If you perform patch auditing with Nessus, these previous blog entries will be of interest:
- Knowing When to Patch
- Testing the Effectiveness of your Patch Management System
- Finding Vulnerabilities older than 30 Days
- Full SU/SUDO Support for UNIX Patch Audits