I'd suggest asking the folks that make QualysGuard.
Clearly, Vista is not Windows 95, and isn't vulnerable to many of the
thhings being checked for.
A lot of vulnerability scanners test for behaviour unrelated to the actual
vulnerability's behaviour - so it's not keying off a version number, it's
not keying off the vulnerability, it's keying off some shape of traffic that
happens to appear on the vulnerable system - if that shape also happens to
appear in Vista, it may not be because of the vulnerability that's being
Only the vendor of the security scanner can say for sure.
Of course, if they really had found these vulnerabilities still present in
Vista, you can bet that the news would be full of the stories!
Texas Imperial Software | Web: http://www.wftpd.com/
23921 57th Ave SE | Blog: http://msmvps.com/alunj/
Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.
"PA Bear" <PABearMVP@gmail.com> wrote in message
> Forwarded to microsoft.public.windows.vista.security newsgroup via
> ~Robear Dyer (PA Bear)
> MS MVP-Windows (IE, OE, Security, Shell/User)
> erock wrote:
>> We are currently testing Vista Ultimate RTM version on our network and
>> we scan it with our QualysGuard security scanner it's coming up with some
>> older vulnerabilities that I have listed below. I'm just curious as to
>> whether these are real vulnerabilities, or if it is misreporting these
>> some reason. If they are real I was wondering if there are any links to
>> solutions for them.
>> Vulnerabilities Listed in Security Scan
>> Microsoft Windows 9x File Handle Buffer Overflow Vulnerability
>> Microsoft Windows 9x NetBIOS NULL Name Vulnerability
>> Microsoft Windows 9x/NT/2000 MS-DOS Device Name DoS Vulnerability
>> Web Server Reveals Absolute Path
>> Disabled SMB Signing
>> UDP Test-Services Running
>> Thanks for any help or direction to someone else who can help