2 Replies. Latest reply: May 29, 2013 2:29 PM by John M Sopp

    MVM and MBSA Results Differ


      Our security team uses MVM to scan servers.  Our server team uses MBSA to check for missing Microsoft patches.  These two reports never seem to be the same.  How are people dealing with this?

        • 1. Re: MVM and MBSA Results Differ

          Hi ed87,


          I'm not sure how *real-world* folks handle it for sure... I expect it's by using a combination of the results provided by MBSA + vuln scanners to remediate any vulnerabilities. I will tell you what I DO know: MBSA reports exactly what patches are needed for your specific OS + patch level. MVM, on the other hand, scans the target for any known vulnerable files. So, you may be fully patched in MS's mind, but still have a vulnerable and exploitable .dll or something on your system, which MVM will FLAG as Vulnerable.


          I hope that helps, and hopefully/maybe some of my real-world customers will chime in :-)


          Have a great day!
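As an added illustration of the distinction drawn above (example code, not from the original thread and not McAfee's or Microsoft's own logic), here is a PowerShell script that runs both kinds of check side by side on the local host: an installed-update inventory lookup of the sort a patch tool relies on, and a file-version check of the sort a file-based scanner performs. The KB number, file path and "fixed" version in the usage line are placeholders; take the real values from the Microsoft bulletin you are investigating.

```powershell
# Added example: compare a patch-inventory check (what a tool like MBSA reports)
# with a file-version check (what a file-based scanner like MVM performs).
# KB number, file path and fixed version are placeholders supplied by the caller.

function Test-PatchInstalled {
    param([Parameter(Mandatory)][string]$KB)
    # Get-HotFix queries the installed-update inventory (Win32_QuickFixEngineering).
    # A missing entry here is what a patch tool reports as "update needed".
    [bool](Get-HotFix -Id $KB -ErrorAction SilentlyContinue)
}

function Test-FileFixed {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][version]$FixedVersion
    )
    # A file-based check ignores the update inventory and inspects the binary
    # actually on disk. Returns $null if the file is absent (nothing to flag),
    # $true if its version is at or above the fixed build, $false otherwise.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $fv = (Get-Item -LiteralPath $Path).VersionInfo
    # Build a comparable [version] from the numeric parts rather than parsing the
    # free-text FileVersion string, which vendors sometimes decorate.
    $onDisk = [version]"$($fv.FileMajorPart).$($fv.FileMinorPart).$($fv.FileBuildPart).$($fv.FilePrivatePart)"
    return ($onDisk -ge $FixedVersion)
}

function Compare-PatchAndFile {
    param(
        [Parameter(Mandatory)][string]$KB,
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][version]$FixedVersion
    )
    $patch = Test-PatchInstalled -KB $KB
    $file  = Test-FileFixed -Path $Path -FixedVersion $FixedVersion
    [pscustomobject]@{
        KB             = $KB
        PatchInstalled = $patch
        File           = $Path
        FileFixed      = $file
        # Disagreements are the rows worth chasing: inventory says patched but an
        # old binary is still present (second copy of the DLL, rolled-back install,
        # side-by-side runtime), or the reverse.
        Agree          = ($null -eq $file) -or ($patch -eq $file)
    }
}

# Usage with placeholder values (substitute data from the real bulletin):
# Compare-PatchAndFile -KB 'KB0000000' -Path "$env:SystemRoot\System32\example.dll" -FixedVersion '6.1.7601.0'
```

One caveat when reading the output: Get-HotFix only lists updates that register in Win32_QuickFixEngineering, and many updates (several .NET Framework updates among them) do not appear there, so an inventory check can also under-report relative to what is actually installed. That is a further reason the two reports rarely line up exactly.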

          • 2. Re: MVM and MBSA Results Differ
            John M Sopp

            Cathy, exactly right.

            No really good way to deal with this yet, though, except in the case of unsupported software.

            There are many cases when the vendor stops producing patches for certain versions of their software.

            Microsoft tools will often show that the software is patched or that the patch is not applicable, while MVM identifies the software as being vulnerable, and it is!


            In this case we cross-reference the vulnerabilities with a known unsupported-software list and recommend that the version be upgraded to a fully patched and supported version (Microsoft .NET Framework is one glaring example of this).


            McAfee has since added a new category of informational checks that help identify end-of-life and obsolete software to help tie everything together. I don't have any good way of automating this...


            on 5/29/13 3:29:17 PM EDT
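As an added example of the cross-reference John describes (not code from the thread, from McAfee or from Microsoft), the PowerShell below classifies scanner findings against a locally maintained unsupported-software list: a finding on a version the vendor no longer patches gets an "upgrade" action, anything else is treated as a real patch gap to reconcile with the MBSA report. The unsupported-version threshold and the sample findings are constructed placeholders; the real list has to be kept current from the vendor's lifecycle pages. The one piece that reads live data, Get-InstalledDotNet, uses the registry keys the .NET Framework installer writes under HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP.

```powershell
# Added example: triage scanner findings by cross-referencing them against a
# locally maintained list of unsupported software versions. The threshold and
# sample findings are constructed placeholders, not vendor lifecycle data.

# For each product, versions below MinSupported are treated as unsupported.
# Placeholder threshold only; maintain this from the vendor's lifecycle pages.
$UnsupportedSoftware = @(
    [pscustomobject]@{ Product = '.NET Framework'; MinSupported = [version]'4.0' }
)

function Get-InstalledDotNet {
    # Enumerate installed .NET Framework runtimes from the installer's registry
    # keys; a subkey with Install=1 and a Version value is a present runtime.
    $root = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP'
    Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if ($p.Install -eq 1 -and $p.Version) {
            [pscustomobject]@{
                Host    = $env:COMPUTERNAME
                Product = '.NET Framework'
                Version = [version]$p.Version
                Finding = "installed runtime ($($_.PSChildName))"
            }
        }
    }
}

function Resolve-Finding {
    # If the product version sits below the supported floor, no patch will ever
    # clear the finding and the answer is an upgrade; otherwise it is a genuine
    # patch gap to reconcile against the MBSA missing-update list.
    param(
        [Parameter(Mandatory, ValueFromPipeline)]$Finding,
        [object[]]$Unsupported = $UnsupportedSoftware
    )
    process {
        $rule = $Unsupported | Where-Object { $_.Product -eq $Finding.Product } | Select-Object -First 1
        $isUnsupported = [bool]($rule -and ($Finding.Version -lt $rule.MinSupported))
        if ($isUnsupported) {
            $action = "Upgrade to $($rule.MinSupported) or later (vendor no longer patches this version)"
        } else {
            $action = 'Patch; reconcile against MBSA missing-update list'
        }
        [pscustomobject]@{
            Host        = $Finding.Host
            Product     = $Finding.Product
            Version     = $Finding.Version
            Finding     = $Finding.Finding
            Unsupported = $isUnsupported
            Action      = $action
        }
    }
}

# Constructed sample findings standing in for a scanner export:
$sampleFindings = @(
    [pscustomobject]@{ Host = 'srv01'; Product = '.NET Framework'; Version = [version]'2.0.50727.42'; Finding = 'vulnerable runtime file (constructed example)' }
    [pscustomobject]@{ Host = 'srv02'; Product = '.NET Framework'; Version = [version]'4.5.50709.0';  Finding = 'vulnerable runtime file (constructed example)' }
)

$sampleFindings | Resolve-Finding | Format-Table -AutoSize

# To classify what is actually installed on the local host instead:
# Get-InstalledDotNet | Resolve-Finding | Format-Table -AutoSize
```

With the placeholder threshold, srv01's 2.0 runtime comes back flagged for upgrade and srv02's 4.5 runtime is left in the "patch" bucket; swapping in the real lifecycle data and a real scanner export (mapping its product and version columns onto the Product and Version fields used here) is the only change needed to run this over an MVM report.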