TSP
Wed Sep 01 17:39:01 CDT 2004
Mike,
for the Following Q. (in the New FAQ)
How can I download the files necessary to run a scan if my proxy server
requires authentication?
I won't repeat the answer here. Suffice to say that it is unclear on or
missing the aspects I have referred to. (That is the real contents of
INVCIF.EXE)
For the old FAQ, I only have a paper printout but at one stage it did also
have a link for INVCM.EXE. (The latest versions of its contents MBSA 1.2.1
does not seem to install, thus the errors)
Thanks.
TSP
"Mike Chan [MSFT]" wrote:
> can you post the section of the old faq you are referring to or what question
> you are referring to?
>
> --
> Mike Chan
> Technical Product Manager (MBSA)
> Security Business Unit
> Microsoft Corporation
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
> --
> "TSP" <TSP@discussions.microsoft.com> wrote in message
> news:E532493F-2635-4048-8FEA-478121281CEE@microsoft.com...
> > Thank you Doug
> >
> > Those are exactly the steps I took. (as detailed in the FAQ)
> >
> > However, as I was trying to point out some of this information is no longer
> > available and also not correct in the FAQ for the Q mentioned. I remembered
> > the source for INVCM.EXE from the previous FAQ, it is not mentioned in the
> > new FAQ. Also the details of what is extracted from INVCIF.EXE are not
> > complete in the FAQ (that is the existence of PUIDS.DAT in the CIFS directory
> > is not mentioned)
> >
> > So please could the FAQ be updated to include all this. Thanks
> >
> > And yes don't worry I regularly check for updates, that's how I discovered
> > these inconsistencies.
> >
> > TSP
> >
> >
> > "Doug Neal [MSFT]" wrote:
> >
> >> TSP - here are some steps that should help. The steps below include
> >> guidance for accessing MSSECURE.XML and Office Update files in an offline
> >> mode, so if you only need the Office files, feel free to ignore the
> >> unnecessary steps.
> >>
> >> Since MBSA requires a direct connection to the internet - without being
> >> blocked by a proxy server that may prevent CAB file downloads - a specific
> >> set of steps is necessary to provide the files necessary for MBSA in an
> >> offline or secure mode. Likewise, the Office Inventory Tool opens an
> >> anonymous connection to the web to download the cabs - and there's currently
> >> no way to obtain and use the user name/password to authenticate the
> >> connection with the Proxy server. The steps below should help provide the
> >> proper locations to download the necessary files and where to copy them into
> >> a secure environment so MBSA can be run within a secure or offline
> >> environment. An alternate version of these steps is available online in the
> >> MBSA FAQ (
http://www.microsoft.com/technet/security/tools/mbsaqa.mspx) under
> >> the heading, "How can I download the files necessary to run a scan if my
> >> proxy server requires authentication?"
> >>
> >>
> >>
> >> Whether these steps are scripted or manually performed, these files are
> >> frequently updated on the Microsoft site to ensure customers have the latest
> >> security database to detect missing patches. If a scripted or offline
> >> solution is used, it is critical to COPY THESE FILES ON A REGULAR AND
> >> FREQUENT BASIS to ensure scans performed in the secure/offline environment
> >> are performed using the latest versions of the database files available.
> >> Otherwise, outdated XML files may result in incorrect and/or outdated scans
> >> which will fail to catch vulnerabilities.
> >>
> >>
> >>
> >> Necessary files:
> >>
> >> a.. MBSA 1.2 MSSECURE.XML file (including localized versions once they are
> >> released)
> >> b.. Office Update PATCHDATA.XML file
> >>
> >>
> >> STEP 1 - Ensure MBSA 1.2 is successfully installed on a scanning machine
> >>
> >> Install MBSA 1.2 on a machine in the secure or offline environment.
> >>
> >>
> >>
> >> STEP 2 - Download all needed files
> >>
> >> Depending on your localization needs, download all MSSECURE_xxxx.CAB files
> >> you will need for your environment from a connection that allows download
> >> from the internet and does not block CAB file downloads. Also download both
> >> sets of Office Inventory Tool files (INVCIF and INVCM) from the locations
> >> listed below:
> >>
> >>
> >>
> >> Download localized versions of MSSECURE.XML from the following locations
> >> (for English-only environments, only the ENU version needs to be
> >> downloaded):
> >>
> >> a.. ENU (MSSECURE_1033):
http://go.microsoft.com/fwlink/?LinkId=18922
> >> b.. DEU (MSSECURE_1031) :
http://go.microsoft.com/fwlink/?LinkId=18121
> >> c.. FRN (MSSECURE_1036) :
http://go.microsoft.com/fwlink/?LinkId=18122
> >> d.. JPN (MSSECURE_1041):
http://go.microsoft.com/fwlink/?LinkId=18120
> >>
> >>
> >> Download INVCIF.EXE from
http://go.microsoft.com/fwlink/?linkid=18842 and
> >>
> >> Download INVCM.EXE from
http://go.microsoft.com/fwlink/?linkid=18452
> >>
> >>
> >>
> >> STEP 3 - Copy MSSECURE.CAB files to MBSA directory
> >>
> >> Copy all MSSECURE_xxxx.CAB files to the MBSA installation directory where
> >> MBSA is installed in the secure environment (usually C:\Program
> >> Files\Microsoft Baseline Security Analyzer directory)
> >>
> >>
> >>
> >> STEP 4 - Expand and copy Office Inventory files to correct directories
> >>
> >> Run INVCIF.EXE, answer Yes to install the Office Update Inventory Tool, read
> >> the EULA and agree to its terms, specify a local directory to expand the
> >> contents to (say c:\TEMP).
> >>
> >>
> >>
> >> This will create two files (PATCHDATA.XML and INVENTORYCATALOG.HTML) and a
> >> directory named CIFS - which also contains an additional file named
> >> PUIDS.CIF.
> >>
> >>
> >>
> >> Copy these two files and directory into the Microsoft Baseline Security
> >> Analyzer\OfficeUpd directory on the scanning machine
> >>
> >>
> >>
> >> STEP 5 - Run MBSA in the secure environment
> >>
> >> Once these files have been copied into the correct locations in the MBSA
> >> installation directory, MBSA should be able to run without accessing the
> >> internet to download these files.
> >>
> >>
> >>
> >> The local ***.CAB files will be expanded by MBSA when they are needed and
> >> the Office Update files will be present in the \OfficeUpd directory for MBSA
> >> to use these files in offline mode.
> >>
> >>
> >>
> >>
> >> --
> >>
> >>
> >> Doug Neal [MSFT]
> >> dugn@online.microsoft.com
> >>
> >> This posting is provided "AS IS" with no warranties, and confers no rights.
> >>
> >> If newsgroup discussion with experts and MVPs is unable to solve a problem
> >> to your satisfaction, feel free to contact PSS for the Microsoft Baseline
> >> Security Analyzer (MBSA) at the following link:
> >>
http://support.microsoft.com/default.aspx?scid=fh;en-us;Prodoffer20a
> >>
> >> This e-mail address does not receive e-mail, but is used for newsgroup
> >> postings only.
> >>
> >>
> >> "TSP" <TSP@discussions.microsoft.com> wrote in message
> >> news:60FD4534-F291-4766-B26E-388999275392@microsoft.com...
> >> > Solved it, I believe.
> >> >
> >> > It seems, for off-liners, the correct versions of the contents of
> >> > "invcm.exe" (link appears to have been removed from the FAQ), are not
> >> > installed by MBSA. Found a recent version of the file manually, extracted
> >> > the files (convert.exe etc) and replaced the versions installed. These
> >> > files' versions now match the Patchdata.XML version headers.
> >> >
> >> > The scan now works and completes with a meaningful report.
> >> >
> >> > Just to let you know.
> >> > (But something still must be awry in the build or install for this to
> >> > happen)
> >> >
> >> > Regards.
> >> >
> >> >
> >> > "TSP" wrote:
> >> >
> >> >> Folks,
> >> >>
> >> >> Unfortunately this and other Posts make no mention of an Offline Office
> >> >> Critical scanning error.
> >> >>
> >> >> This may well have something to do with the FAQ entry covering manual
> >> >> downloads and extraction of the "invcif.exe" file no longer being
> >> >> correct.
> >> >> That is, once extracted there are now two files in the "OfficeUpd/cifs"
> >> >> directory, namely "puids.cif" (which contains only Version information)
> >> >> and
> >> >> now a second file called "puids.dat"
> >> >>
> >> >> Could we please have some clarification on this please, as all my Scans
> >> >> result in a message of "Error occured while checking for Office updates.
> >> >> Could not update files for Office Update Inventory Tool. 030003" and I
> >> >> suspect it has something to do with this data in fact having been changed
> >> >> by
> >> >> Microsoft without notice, and MBSA no longer being able to detect the
> >> >> data.
> >> >>
> >> >> TIA (Note: I can only work on manual downloads of all data)
> >> >>
> >> >>
> >> >>
> >> >> "Mike Chan [MSFT]" wrote:
> >> >>
> >> >> > I wanted to alert everyone that a new version of the MBSA FAQ is now
> >> >> > posted -
> >> >> > thanks to your feedback on the newsgroups!
> >> >> >
> >> >> >
http://www.microsoft.com/technet/security/tools/mbsaqa.mspx
> >> >> >
> >> >> > New in the FAQ :
> >> >> >
> >> >> > Q. What versions of MBSA are supported?
> >> >> > A. PSS only supports the latest version of MBSA which is currently
> >> >> > 1.2.1. The
> >> >> > mssecure.xml file that MBSA uses to identify missing security updates
> >> >> > is
> >> >> > different for MBSA 1.2+ than for earlier versions. As of April 20th,
> >> >> > 2004, the
> >> >> > mssecure.xml file used by earlier versions is no longer being updated.
> >> >> > Therefore, scans performed with MBSA 1.1.1 or earlier versions will be
> >> >> > incomplete. Users running less than MBSA 1.2.1 will see a message
> >> >> > notifying them
> >> >> > that 1.2.1 is available.
> >> >> >
> >> >> > Q. Do I need to uninstall MBSA 1.2 before installing MBSA 1.2.1?
> >> >> > A. No, MBSA 1.2.1 will automatically uninstall any previous version of
> >> >> > MBSA
> >> >> > before installing MBSA 1.2.1
> >> >> >
> >> >> > Q. Does MBSA support 64-bit Windows?
> >> >> > A. No.
> >> >> >
> >> >> > Q. What is the current version of MBSA? Why do I see conflicting
> >> >> > version
> >> >> > numbering in the product?
> >> >> > A. The latest version of MBSA is version 1.2.1 - which is also referred
> >> >> > to as
> >> >> > 1.2.4013.0 on some screens. The 4013.0 refers to build versioning. The
> >> >> > official
> >> >> > version number exists in the "About Microsoft Baseline Security
> >> >> > Analyzer" link.
> >> >> > If you are running MBSA 1.2 you will see a message that a new version
> >> >> > 1.2.4013.0
> >> >> > is available.
> >> >> >
> >> >> > Q. What settings are required for a successful remote scan of a Windows
> >> >> > XP SP2
> >> >> > machine?
> >> >> > A. This is addressed in the "readme.html" file in the "Help" directory
> >> >> > under the
> >> >> > "#firewall" section. If you require remote scanning of Windows XP
> >> >> > Service Pack 2
> >> >> > machines, these conditions must be met :
> >> >> > .. The Server service, Remote Registry service, and File & Print
> >> >> > Sharing services
> >> >> > must be enabled.
> >> >> > .. Remote machine scans are performed using TCP ports 139 and 445. In a
> >> >> > multi-domain environment, where a firewall or filtering router
> >> >> > separates the two
> >> >> > networks, TCP ports 139 and 445 and UDP ports 137 and 138 must be open
> >> >> > in order
> >> >> > for MBSA to connect and authenticate to the remote network being
> >> >> > scanned. You
> >> >> > must allow these ports on the remote Windows Firewall.
> >> >> >
> >> >> > --
> >> >> > Mike Chan
> >> >> > Technical Product Manager (MBSA)
> >> >> > Security Business Unit
> >> >> > Microsoft Corporation
> >> >> >
> >> >> > This posting is provided "AS IS" with no warranties, and confers no
> >> >> > rights.
> >> >> > --
> >> >> >
> >> >> >
> >> >> >
> >>
> >>
> >>
>
>
>