Microsoft Windows Vista Community Forums - Vistaheads
Recommended Download



Welcome to the Microsoft Windows Vista Community Forums - Vistaheads, YOUR Largest Resource for Windows Vista related information.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so , join our community today!

If you have any problems with the registration process or your account login, please contact us.

Driver Scanner

Re: Vista Security Vulnerabilities showing in Security scan

microsoft.public.windows.vista.security






Speedup My PC
Reply
  #1 (permalink)  
Old 12-14-2006
PA Bear
 

Posts: n/a
Re: Vista Security Vulnerabilities showing in Security scan
Forwarded to microsoft.public.windows.vista.security newsgroup via
crosspost.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE, OE, Security, Shell/User)

erock wrote:
> We are currently testing Vista Ultimate RTM version on our network and
> when
> we scan it with our QualysGuard security scanner it's coming up with some
> older vulnerabilities that I have listed below. I'm just curious as to
> whether these are real vulnerabilities, or if it is misreporting these for
> some reason. If they are real I was wondering if there are any links to
> solutions for them.
>
> Vulnerabilities Listed in Security Scan
> Microsoft Windows 9x File Handle Buffer Overflow Vulnerability
> Microsoft Windows 9x NetBIOS NULL Name Vulnerability
> Microsoft Windows 9x/NT/2000 MS-DOS Device Name DoS Vulnerability
> Web Server Reveals Absolute Path
> Disabled SMB Signing
> UDP Test-Services Running
>
> Thanks for any help or direction to someone else who can help


Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 12-15-2006
Alun Jones [MS-MVP - Windows Security]
 

Posts: n/a
Re: Vista Security Vulnerabilities showing in Security scan
I'd suggest asking the folks that make QualysGuard.

Clearly, Vista is not Windows 95, and isn't vulnerable to many of the
thhings being checked for.

A lot of vulnerability scanners test for behaviour unrelated to the actual
vulnerability's behaviour - so it's not keying off a version number, it's
not keying off the vulnerability, it's keying off some shape of traffic that
happens to appear on the vulnerable system - if that shape also happens to
appear in Vista, it may not be because of the vulnerability that's being
flagged.

Only the vendor of the security scanner can say for sure.

Of course, if they really had found these vulnerabilities still present in
Vista, you can bet that the news would be full of the stories!

Alun.
~~~~
--
Texas Imperial Software | Web: http://www.wftpd.com/
23921 57th Ave SE | Blog: http://msmvps.com/alunj/
Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.


"PA Bear" <PABearMVP@gmail.com> wrote in message
news:u6gDBg8HHHA.816@TK2MSFTNGP06.phx.gbl...
> Forwarded to microsoft.public.windows.vista.security newsgroup via
> crosspost.
> --
> ~Robear Dyer (PA Bear)
> MS MVP-Windows (IE, OE, Security, Shell/User)
>
> erock wrote:
>> We are currently testing Vista Ultimate RTM version on our network and
>> when
>> we scan it with our QualysGuard security scanner it's coming up with some
>> older vulnerabilities that I have listed below. I'm just curious as to
>> whether these are real vulnerabilities, or if it is misreporting these
>> for
>> some reason. If they are real I was wondering if there are any links to
>> solutions for them.
>>
>> Vulnerabilities Listed in Security Scan
>> Microsoft Windows 9x File Handle Buffer Overflow Vulnerability
>> Microsoft Windows 9x NetBIOS NULL Name Vulnerability
>> Microsoft Windows 9x/NT/2000 MS-DOS Device Name DoS Vulnerability
>> Web Server Reveals Absolute Path
>> Disabled SMB Signing
>> UDP Test-Services Running
>>
>> Thanks for any help or direction to someone else who can help

>



Reply With Quote
  #3 (permalink)  
Old 12-15-2006
=?Utf-8?B?ZXJvY2s=?=
 

Posts: n/a
Re: Vista Security Vulnerabilities showing in Security scan
Thanks Alun,
That's exactly what I was thinking too, I just wanted to hear it from
someone else

"Alun Jones [MS-MVP - Windows Security]" wrote:

> I'd suggest asking the folks that make QualysGuard.
>
> Clearly, Vista is not Windows 95, and isn't vulnerable to many of the
> thhings being checked for.
>
> A lot of vulnerability scanners test for behaviour unrelated to the actual
> vulnerability's behaviour - so it's not keying off a version number, it's
> not keying off the vulnerability, it's keying off some shape of traffic that
> happens to appear on the vulnerable system - if that shape also happens to
> appear in Vista, it may not be because of the vulnerability that's being
> flagged.
>
> Only the vendor of the security scanner can say for sure.
>
> Of course, if they really had found these vulnerabilities still present in
> Vista, you can bet that the news would be full of the stories!
>
> Alun.
> ~~~~
> --
> Texas Imperial Software | Web: http://www.wftpd.com/
> 23921 57th Ave SE | Blog: http://msmvps.com/alunj/
> Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
> Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.
>
>
> "PA Bear" <PABearMVP@gmail.com> wrote in message
> news:u6gDBg8HHHA.816@TK2MSFTNGP06.phx.gbl...
> > Forwarded to microsoft.public.windows.vista.security newsgroup via
> > crosspost.
> > --
> > ~Robear Dyer (PA Bear)
> > MS MVP-Windows (IE, OE, Security, Shell/User)
> >
> > erock wrote:
> >> We are currently testing Vista Ultimate RTM version on our network and
> >> when
> >> we scan it with our QualysGuard security scanner it's coming up with some
> >> older vulnerabilities that I have listed below. I'm just curious as to
> >> whether these are real vulnerabilities, or if it is misreporting these
> >> for
> >> some reason. If they are real I was wondering if there are any links to
> >> solutions for them.
> >>
> >> Vulnerabilities Listed in Security Scan
> >> Microsoft Windows 9x File Handle Buffer Overflow Vulnerability
> >> Microsoft Windows 9x NetBIOS NULL Name Vulnerability
> >> Microsoft Windows 9x/NT/2000 MS-DOS Device Name DoS Vulnerability
> >> Web Server Reveals Absolute Path
> >> Disabled SMB Signing
> >> UDP Test-Services Running
> >>
> >> Thanks for any help or direction to someone else who can help

> >

>
>
>

Reply With Quote
  #4 (permalink)  
Old 12-21-2006
Alun Jones
 

Posts: n/a
Re: Vista Security Vulnerabilities showing in Security scan
"erock" <erock@discussions.microsoft.com> wrote in message
news:C0622F84-DD37-4C1F-8D42-80F09CD66BAD@microsoft.com...
> Thanks Alun,
> That's exactly what I was thinking too, I just wanted to hear it from
> someone else


The basic message, which I don't think I stated clearly enough, is that you
should contact the vendor of the security scanner you are using, and ask
them directly the following questions:
1. Do they scan for Vista security vulnerabilities?
2. Are these positive reports true or false?
3. What do they suggest as actions to fix these reports?

Alun.
~~~~


Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
XP Can't access Vista Share TedF microsoft.public.windows.vista.networking sharing 12 04-30-2010 14:12
A quick movie for Vista users! So funny! Ted Landry microsoft.public.windows.vista.performance maintenance 118 02-17-2007 14:37
Re: SUID Kurt Harriger microsoft.public.windows.vista.security 7 12-18-2006 11:06
Security in Vista Business vs. Vista Ultimate Jeff Lynch [MVP] microsoft.public.windows.vista.security 4 12-15-2006 11:48
Re: Vista Security Guide Review and Feedback PA Bear microsoft.public.windows.vista.security 0 12-07-2006 03:15




All times are GMT +1. The time now is 13:32.




Driver Scanner - Free Scan Now

Vistaheads.com is part of the Heads Network. See also XPHeads.com , Win7Heads.com and Win8Heads.com.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.6.0 RC 2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120