Why does Secunia PSI display a list of insecure Microsoft applications however they are not deemed critical when running Windows Update?

4

1

We have a personal laptop that has Microsoft Windows Vista x86 with Service Pack 2 installed. I have run Windows Update several times but no more updates are available; however, Secunia PSI continues to display the list below as critical and unpatched. I attempted to install the updates manually by downloading the relevant updates from Microsoft; however, whenever I run them, they return the message that they are not required by the system.

How do I make sure that the laptop is fully patched?

Also, it is a newly rebuilt system, i.e. everything has been re-installed, including Windows Vista.

PeanutsMonkey

Posted 2012-05-20T04:47:19.543

Reputation: 7 780

The KB articles related to the updates will often tell you which files will be updated to which versions. Have you checked and compared your versions? – Ƭᴇcʜιᴇ007 – 2012-05-20T04:55:22.763

@techie007 - Yes I have. – PeanutsMonkey – 2012-05-20T05:24:57.763

OK, so were the individual files up-to-date (or newer) according to the version #'s? If so, then you don't need the updates. – Ƭᴇcʜιᴇ007 – 2012-05-20T06:51:34.460

@techie007 - I can't find them in the list of patches installed by Microsoft; however, that is not to say they could not be installed if they had been included in Service Pack 2. – PeanutsMonkey – 2012-05-20T17:33:16.697

@Moab - I would agree with you; however, I do place trust in Secunia's scans, as Secunia is a security company and what they may deem critical may not be seen as critical by Microsoft. – PeanutsMonkey – 2012-05-20T17:34:18.847

Remember you need to do a full scan after installing any Microsoft-related updates until Secunia PSI detects the affected products as patched. – Gurken Papst – 2012-05-20T17:42:07.603

Just a guess, but the first three items on your list all have later versions, i.e. Media Player 12, IE9 and .Net 4. They may just consider these earlier versions less secure by default. – BJ292 – 2012-05-20T18:00:47.910

@BJ292: No, they don't. These versions are still supported by Microsoft and thus have patches available. The status Insecure means there is a security-related patch available but not (detected as) installed. PSI is not giving recommendations on more secure versions. There is not even a warning if there are known vulnerabilities but patches are not available yet. – Gurken Papst – 2012-05-20T18:07:50.243
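
The file-version comparison suggested in the comments above, as an added PowerShell example that is not part of the original thread. The two file paths and the minimum versions are constructed placeholders; replace them with the file names and versions listed in the KB article for the update in question.

```powershell
# Added example, not code from the thread. The paths and minimum versions are
# constructed placeholders: replace them with the rows of the file
# information table in the KB article for the update being checked.
$expected = @(
    @{ Path = "$env:windir\System32\wmp.dll";    MinVersion = '11.0.6002.18000' },
    @{ Path = "$env:windir\System32\mshtml.dll"; MinVersion = '8.0.6001.19000' }
)

function Test-FileAtLeast {
    param([string]$Path, [string]$MinVersion)

    # Default result describes a file that is not present on this system.
    $result = New-Object PSObject -Property @{
        Path = $Path; Required = $MinVersion; Installed = $null; Status = 'Missing'
    }
    if (-not (Test-Path -LiteralPath $Path)) { return $result }

    $info = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($Path)
    # Build the version from its numeric parts. The FileVersion string often
    # carries a build-lab suffix that [version] cannot parse.
    $parts = $info.FileMajorPart, $info.FileMinorPart, $info.FileBuildPart, $info.FilePrivatePart
    $installed = New-Object System.Version -ArgumentList $parts

    $result.Installed = $installed.ToString()
    if ($installed -ge [version]$MinVersion) {
        $result.Status = 'OK: at or above the KB version'
    } else {
        $result.Status = 'OLDER than the KB version'
    }
    return $result
}

# One row per file: what is on disk versus what the KB article lists.
$expected |
    ForEach-Object { Test-FileAtLeast -Path $_.Path -MinVersion $_.MinVersion } |
    Select-Object Status, Installed, Required, Path |
    Format-Table -AutoSize
```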

Answers

3

I trust Microsoft to know what patches I need more than Secunia. Windows Update is one way to know your Windows operating system is fully patched; after all, it is their OS, not Secunia's.

Microsoft has their own Security analyzer software, however, it does not look at 3rd party software, just Microsoft products.

I don't change any of the scan defaults. You also need an internet connection to scan. Be patient; it takes a while to complete the scan.


Some of the results can be misleading on a home computer. This software was designed for a corporate environment; you can ignore certain ones if you wish.

  • Local account password test: this was flagged because my guest account was not "disabled". It is not active but is not disabled, so it gets a flag. This is normal on a home PC.

  • Guest Account: these should be disabled in a corporate environment. They are not by default in home versions of Windows Vista or 7; it's up to you if you want to hard block the guest account.

  • Automatic Updates: I configure mine differently than full automatic, so it got flagged.

  • Administrators: I have 2 Admin accounts, but my Acronis software installed a hidden Admin user account for its backup purposes. Kind of nice it showed it to me even when hidden. More than 2 can be a problem in a corporate environment but is OK on a home PC.

  • Password Expiration: by default, home versions of Windows do not expire passwords. In a corporate environment you can force users to change their logon passwords whenever you feel it is appropriate (weekly, monthly, etc.); not needed on a home PC.


Moab

Posted 2012-05-20T04:47:19.543

Reputation: 54 203