Does a newer file version imply that an update is not applicable?

  • Question

  • Hi folks

    I am trying to find a system to verify if a Windows OS is vulnerable to a CVE, say for example MS14-068.

    Now if I rely on the MS update catalog, then KB3011780 is the main patch for MS14-068, but according to the catalog KB3011780 has not been replaced by any new updates.

    When I try to apply KB3011780, Windows says that the patch is not applicable. Looking at the file versions, I see that this patch updates the following files:

    Kdcsvc.dll      6.3.9600.17423
    Kdcsvc.mof      Not Applicable
    Kerberos.dll    6.3.9600.17423
    Pku2u.dll       6.3.9600.17423
    Kerberos.dll    6.3.9600.17423
    Pku2u.dll       6.3.9600.17423

    Looking at these files on my Windows, I see that they are of a newer version.

    My Question is:

    Can we rely on it that having a newer version of all the files that a particular update fixes means, by definition, that the update is not applicable?

    I.e., in my example, if I have the following:

    Kdcsvc.dll      6.3.9600.18838
    Kdcsvc.mof      Not Applicable
    Kerberos.dll    6.3.9600.18838
    Pku2u.dll       6.3.9600.18838
    Kerberos.dll    6.3.9600.18838
    Pku2u.dll       6.3.9600.18838

    Does it automatically mean that my OS is secured against MS14-068!?

    P.S. I am asking in general: is it a rule to rely on?

    BR  


    • Edited by Denkeli Friday, November 16, 2018 6:01 PM spell
    Friday, November 16, 2018 6:00 PM

Answers

  • The applicability of an update is potentially based on many different factors and criteria including file version. I would say that in general, replacing older files with newer files based on version number is one of the main criteria used and also the main objective of most updates, but that's a completely generic statement as noted. The OS also plays a factor here so that would need to be known as well.

    Have you reviewed the KB for the files and versions it includes?

    Ultimately, this question is better suited for a Windows or Windows Security forum though.


    Jason | https://home.configmgrftw.com | @jasonsandys

    Friday, November 16, 2018 6:58 PM
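
The file-version check discussed in this thread, as an added example (not code from the posters or from Microsoft): it compares the installed versions of the files named in the question against the KB3011780 versions quoted there, and flags files whose major.minor.build differs from the baseline, since the answer notes that the OS is also a factor. The System32 location and the function names are assumptions, and the result covers file versions only, which the answer describes as one criterion among several.

```powershell
# Added example. Baseline versions are the ones quoted in the question for KB3011780.
$baseline = [ordered]@{
    'Kdcsvc.dll'   = [version]'6.3.9600.17423'  # assumption: present only on domain controllers
    'Kerberos.dll' = [version]'6.3.9600.17423'
    'Pku2u.dll'    = [version]'6.3.9600.17423'
}

function Get-FileVersion {
    param([Parameter(Mandatory)][string]$Path)
    $vi = (Get-Item -LiteralPath $Path -ErrorAction Stop).VersionInfo
    # Use the numeric parts; the FileVersion string may carry extra text after the number.
    New-Object System.Version -ArgumentList $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
}

function Compare-KbFileBaseline {
    param(
        [Parameter(Mandatory)][System.Collections.IDictionary]$Baseline,
        # Assumption: the files live in System32 on the machine being checked.
        [string]$Directory = (Join-Path $env:SystemRoot 'System32')
    )
    foreach ($name in $Baseline.Keys) {
        $required  = $Baseline[$name]
        $path      = Join-Path $Directory $name
        $installed = $null
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            $status = 'FileNotPresent'
        } else {
            $installed = Get-FileVersion -Path $path
            # A baseline taken from one OS build says nothing about files from another.
            $sameBuild = $installed.Major -eq $required.Major -and
                         $installed.Minor -eq $required.Minor -and
                         $installed.Build -eq $required.Build
            if (-not $sameBuild)              { $status = 'DifferentOSBuild' }
            elseif ($installed -ge $required) { $status = 'AtOrAboveBaseline' }
            else                              { $status = 'BelowBaseline' }
        }
        [pscustomobject]@{
            File = $name; Installed = $installed; Baseline = $required; Status = $status
        }
    }
}

Compare-KbFileBaseline -Baseline $baseline | Format-Table -AutoSize
```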

All replies

  • Thank you for your reply.

    As I stated in my post, I am trying to find a general system to verify if a Windows system is patched against any vulnerability. The way I want to achieve this is by making sure that I have a newer version of the files that affect the issue.

    From your reply I read that this is not a 100% reliable method, and that sometimes I could have a newer version of the files affected and still need to patch it!

    If that's the case, then MS needs to include the newer version of files as vulnerable in the KB article.

    As for posting my question here, this is my very first post, and I can see that you are a mod, so if you would be kind and move it to the right forum I'll be grateful.

    BR     

    Friday, November 16, 2018 7:48 PM