Re: Vista Security Vulnerabilities showing in Security scan

Posted: 12-14-2006, 09:36 PM
Forwarded to microsoft.public.windows.vista.security newsgroup via
crosspost.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE, OE, Security, Shell/User)

erock wrote:
> We are currently testing Vista Ultimate RTM version on our network and
> when
> we scan it with our QualysGuard security scanner it's coming up with some
> older vulnerabilities that I have listed below. I'm just curious as to
> whether these are real vulnerabilities, or if it is misreporting these for
> some reason. If they are real I was wondering if there are any links to
> solutions for them.
>
> Vulnerabilities Listed in Security Scan
> Microsoft Windows 9x File Handle Buffer Overflow Vulnerability
> Microsoft Windows 9x NetBIOS NULL Name Vulnerability
> Microsoft Windows 9x/NT/2000 MS-DOS Device Name DoS Vulnerability
> Web Server Reveals Absolute Path
> Disabled SMB Signing
> UDP Test-Services Running
>
> Thanks for any help or direction to someone else who can help

Re: Vista Security Vulnerabilities showing in Security scan


Responses to "Re: Vista Security Vulnerabilities showing in Security scan"

Alun Jones [MS-MVP - Windows Security]
Guest
Posts: n/a
 
Re: Vista Security Vulnerabilities showing in Security scan
Posted: 12-14-2006, 11:52 PM
I'd suggest asking the folks that make QualysGuard.

Clearly, Vista is not Windows 95, and isn't vulnerable to many of the
thhings being checked for.

A lot of vulnerability scanners test for behaviour unrelated to the actual
vulnerability's behaviour - so it's not keying off a version number, it's
not keying off the vulnerability, it's keying off some shape of traffic that
happens to appear on the vulnerable system - if that shape also happens to
appear in Vista, it may not be because of the vulnerability that's being
flagged.

Only the vendor of the security scanner can say for sure.

Of course, if they really had found these vulnerabilities still present in
Vista, you can bet that the news would be full of the stories!

Alun.
~~~~
--
Texas Imperial Software | Web: http://www.wftpd.com/
23921 57th Ave SE | Blog: http://msmvps.com/alunj/
Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.


"PA Bear" <PABearMVP@gmail.com> wrote in message
news:u6gDBg8HHHA.816@TK2MSFTNGP06.phx.gbl...
> Forwarded to microsoft.public.windows.vista.security newsgroup via
> crosspost.
> --
> ~Robear Dyer (PA Bear)
> MS MVP-Windows (IE, OE, Security, Shell/User)
>
> erock wrote:
>> We are currently testing Vista Ultimate RTM version on our network and
>> when
>> we scan it with our QualysGuard security scanner it's coming up with some
>> older vulnerabilities that I have listed below. I'm just curious as to
>> whether these are real vulnerabilities, or if it is misreporting these
>> for
>> some reason. If they are real I was wondering if there are any links to
>> solutions for them.
>>
>> Vulnerabilities Listed in Security Scan
>> Microsoft Windows 9x File Handle Buffer Overflow Vulnerability
>> Microsoft Windows 9x NetBIOS NULL Name Vulnerability
>> Microsoft Windows 9x/NT/2000 MS-DOS Device Name DoS Vulnerability
>> Web Server Reveals Absolute Path
>> Disabled SMB Signing
>> UDP Test-Services Running
>>
>> Thanks for any help or direction to someone else who can help
>

erock
Guest
Posts: n/a
 
Re: Vista Security Vulnerabilities showing in Security scan
Posted: 12-15-2006, 03:36 AM
Thanks Alun,
That's exactly what I was thinking too, I just wanted to hear it from
someone else

"Alun Jones [MS-MVP - Windows Security]" wrote:
> I'd suggest asking the folks that make QualysGuard.
>
> Clearly, Vista is not Windows 95, and isn't vulnerable to many of the
> thhings being checked for.
>
> A lot of vulnerability scanners test for behaviour unrelated to the actual
> vulnerability's behaviour - so it's not keying off a version number, it's
> not keying off the vulnerability, it's keying off some shape of traffic that
> happens to appear on the vulnerable system - if that shape also happens to
> appear in Vista, it may not be because of the vulnerability that's being
> flagged.
>
> Only the vendor of the security scanner can say for sure.
>
> Of course, if they really had found these vulnerabilities still present in
> Vista, you can bet that the news would be full of the stories!
>
> Alun.
> ~~~~
> --
> Texas Imperial Software | Web: http://www.wftpd.com/
> 23921 57th Ave SE | Blog: http://msmvps.com/alunj/
> Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
> Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.
>
>
> "PA Bear" <PABearMVP@gmail.com> wrote in message
> news:u6gDBg8HHHA.816@TK2MSFTNGP06.phx.gbl...
> > Forwarded to microsoft.public.windows.vista.security newsgroup via
> > crosspost.
> > --
> > ~Robear Dyer (PA Bear)
> > MS MVP-Windows (IE, OE, Security, Shell/User)
> >
> > erock wrote:
> >> We are currently testing Vista Ultimate RTM version on our network and
> >> when
> >> we scan it with our QualysGuard security scanner it's coming up with some
> >> older vulnerabilities that I have listed below. I'm just curious as to
> >> whether these are real vulnerabilities, or if it is misreporting these
> >> for
> >> some reason. If they are real I was wondering if there are any links to
> >> solutions for them.
> >>
> >> Vulnerabilities Listed in Security Scan
> >> Microsoft Windows 9x File Handle Buffer Overflow Vulnerability
> >> Microsoft Windows 9x NetBIOS NULL Name Vulnerability
> >> Microsoft Windows 9x/NT/2000 MS-DOS Device Name DoS Vulnerability
> >> Web Server Reveals Absolute Path
> >> Disabled SMB Signing
> >> UDP Test-Services Running
> >>
> >> Thanks for any help or direction to someone else who can help
> >
>
>
>
Alun Jones
Guest
Posts: n/a
 
Re: Vista Security Vulnerabilities showing in Security scan
Posted: 12-21-2006, 06:03 PM
"erock" <erock@discussions.microsoft.com> wrote in message
news:C0622F84-DD37-4C1F-8D42-80F09CD66BAD@microsoft.com...
> Thanks Alun,
> That's exactly what I was thinking too, I just wanted to hear it from
> someone else
The basic message, which I don't think I stated clearly enough, is that you
should contact the vendor of the security scanner you are using, and ask
them directly the following questions:
1. Do they scan for Vista security vulnerabilities?
2. Are these positive reports true or false?
3. What do they suggest as actions to fix these reports?

Alun.
~~~~


 
LinkBack Thread Tools Display Modes
 


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Forum Jump


Similar Threads
Thread Thread Starter Forum Replies Last Post
VISTA SECURITY R. A. Pazderski Windows Vista Security 32 02-02-2008 01:57 PM
Vista file security rob_leslie Windows Vista Security 1 12-13-2006 06:26 AM
How to perform High security tasks from a low level security app?? GSLockwood (IUnknown) Windows Vista Security 12 11-25-2006 01:10 PM
Security in windows vista Dragoncraft Windows Vista Install & Setup 0 06-18-2006 04:07 PM
ANN: CRITICAL SECURITY FIX: Microsoft Security Bulletin MS-039 Ravi [MS] Windows XP Embedded 1 09-11-2003 11:14 PM