Microsoft Baseline Security Analyzer Vulnerability Identification Weakness

BID:9634

Info

Microsoft Baseline Security Analyzer Vulnerability Identification Weakness

Bugtraq ID: 9634
Class: Design Error
CVE:
Remote: No
Local: Yes
Published: Feb 10 2004 12:00AM
Updated: Feb 10 2004 12:00AM
Credit: The disclosure of this issue has been credited to <[email protected]>.
Vulnerable: Microsoft Baseline Security Analyzer 1.2
Not Vulnerable:

Discussion

Microsoft Baseline Security Analyzer Vulnerability Identification Weakness

It has been reported that Microsoft Baseline Security Analyzer (MBSA) may be prone to a weakness that may lead to a false sense of security. It has been reported that under some circumstances MBSA may not properly identify security vulnerabilities in the target operating system.

Microsoft Baseline Security Analyzer version 1.2 is assumed to be affected by this issue, however, it is possible that other versions are affected by this flaw as well.

Exploit / POC

Microsoft Baseline Security Analyzer Vulnerability Identification Weakness

No exploit is required as this issue does not directly influence the system in a malicious way.

Proof of concept screenshots can be obtained via the following link:
http://www.elusiveworld.com/scanshots.pdf

Solution / Fix

Microsoft Baseline Security Analyzer Vulnerability Identification Weakness

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

References

Microsoft Baseline Security Analyzer Vulnerability Identification Weakness

References:
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report