Speaking of sneaky replacements...

899588 has been replaced by 905749.  But the MS KB article for the
899588 doesn't mention that it has been superseded, so it's a little
tricky to track down.  (I was searching the KB, but the details for
security patches aren't kept in the KB, they're just linked out to the
technet security site...)

Also, I guess because the original patch was rated Critical, but the new
one is only Important, the built-in rules from Cisco are still looking
for 899588 - and that will be OK for any machines that got that patch
first.  But if you have a new install of Windows and go out to Windows
Updates to get all available patches, you'll just get 905749 and will be
unable to get past Clean Access, even though Windows Updates says you're
fully patched (and you really are).

I write my own rules and check only for patches we're particularly
interested in (899588 was one of them).  I use the Cisco checks when I
can for those rules - but Cisco hasn't provided a check for 905749 so I
had to write my own.

-Anne

--
Anne B. Pender
Computing Support Analyst, Student Services
Information Technology Services, Davidson College
[log in to unmask]


-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of Simon Bell
Sent: Tuesday, October 18, 2005 4:50 PM
To: [log in to unmask]
Subject: Re: Non Cisco Rule Sets

902400 replaces 873333

>>> [log in to unmask] 10/18/2005 4:12 PM >>>
For people like me who do not use Cisco's Rules...

Patch 873333 was superseded by something, and Patch 896727 was
superseded by 896688

Mike