Windows Vista Forums

Re: Vista Security Vulnerabilities showing in Security scan

12-14-2006   #1
PA Bear
Guest


 

Re: Vista Security Vulnerabilities showing in Security scan

Forwarded to microsoft.public.windows.vista.security newsgroup via
crosspost.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE, OE, Security, Shell/User)

erock wrote:
> We are currently testing Vista Ultimate RTM version on our network and
> when
> we scan it with our QualysGuard security scanner it's coming up with some
> older vulnerabilities that I have listed below. I'm just curious as to
> whether these are real vulnerabilities, or if it is misreporting these for
> some reason. If they are real I was wondering if there are any links to
> solutions for them.
>
> Vulnerabilities Listed in Security Scan
> Microsoft Windows 9x File Handle Buffer Overflow Vulnerability
> Microsoft Windows 9x NetBIOS NULL Name Vulnerability
> Microsoft Windows 9x/NT/2000 MS-DOS Device Name DoS Vulnerability
> Web Server Reveals Absolute Path
> Disabled SMB Signing
> UDP Test-Services Running
>
> Thanks for any help or direction to someone else who can help



12-14-2006   #2
Alun Jones [MS-MVP - Windows Security]
Guest


 

Re: Vista Security Vulnerabilities showing in Security scan

I'd suggest asking the folks that make QualysGuard.

Clearly, Vista is not Windows 95, and isn't vulnerable to many of the
things being checked for.

A lot of vulnerability scanners test for behaviour unrelated to the actual
vulnerability's behaviour - so it's not keying off a version number, it's
not keying off the vulnerability, it's keying off some shape of traffic that
happens to appear on the vulnerable system - if that shape also happens to
appear in Vista, it may not be because of the vulnerability that's being
flagged.

Only the vendor of the security scanner can say for sure.

Of course, if they really had found these vulnerabilities still present in
Vista, you can bet that the news would be full of the stories!

Alun.
~~~~
--
Texas Imperial Software | Web: http://www.wftpd.com/
23921 57th Ave SE | Blog: http://msmvps.com/alunj/
Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.


"PA Bear" <PABearMVP@gmail.com> wrote in message
news:u6gDBg8HHHA.816@TK2MSFTNGP06.phx.gbl...
> Forwarded to microsoft.public.windows.vista.security newsgroup via
> crosspost.
> --
> ~Robear Dyer (PA Bear)
> MS MVP-Windows (IE, OE, Security, Shell/User)
>
> erock wrote:
>> We are currently testing Vista Ultimate RTM version on our network and
>> when
>> we scan it with our QualysGuard security scanner it's coming up with some
>> older vulnerabilities that I have listed below. I'm just curious as to
>> whether these are real vulnerabilities, or if it is misreporting these
>> for
>> some reason. If they are real I was wondering if there are any links to
>> solutions for them.
>>
>> Vulnerabilities Listed in Security Scan
>> Microsoft Windows 9x File Handle Buffer Overflow Vulnerability
>> Microsoft Windows 9x NetBIOS NULL Name Vulnerability
>> Microsoft Windows 9x/NT/2000 MS-DOS Device Name DoS Vulnerability
>> Web Server Reveals Absolute Path
>> Disabled SMB Signing
>> UDP Test-Services Running
>>
>> Thanks for any help or direction to someone else who can help

>



12-14-2006   #3
erock
Guest


 

Re: Vista Security Vulnerabilities showing in Security scan

Thanks Alun,
That's exactly what I was thinking too, I just wanted to hear it from
someone else

"Alun Jones [MS-MVP - Windows Security]" wrote:

> I'd suggest asking the folks that make QualysGuard.
>
> Clearly, Vista is not Windows 95, and isn't vulnerable to many of the
> things being checked for.
>
> A lot of vulnerability scanners test for behaviour unrelated to the actual
> vulnerability's behaviour - so it's not keying off a version number, it's
> not keying off the vulnerability, it's keying off some shape of traffic that
> happens to appear on the vulnerable system - if that shape also happens to
> appear in Vista, it may not be because of the vulnerability that's being
> flagged.
>
> Only the vendor of the security scanner can say for sure.
>
> Of course, if they really had found these vulnerabilities still present in
> Vista, you can bet that the news would be full of the stories!
>
> Alun.
> ~~~~
> --
> Texas Imperial Software | Web: http://www.wftpd.com/
> 23921 57th Ave SE | Blog: http://msmvps.com/alunj/
> Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
> Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.
>
>
> "PA Bear" <PABearMVP@gmail.com> wrote in message
> news:u6gDBg8HHHA.816@TK2MSFTNGP06.phx.gbl...
> > Forwarded to microsoft.public.windows.vista.security newsgroup via
> > crosspost.
> > --
> > ~Robear Dyer (PA Bear)
> > MS MVP-Windows (IE, OE, Security, Shell/User)
> >
> > erock wrote:
> >> We are currently testing Vista Ultimate RTM version on our network and
> >> when
> >> we scan it with our QualysGuard security scanner it's coming up with some
> >> older vulnerabilities that I have listed below. I'm just curious as to
> >> whether these are real vulnerabilities, or if it is misreporting these
> >> for
> >> some reason. If they are real I was wondering if there are any links to
> >> solutions for them.
> >>
> >> Vulnerabilities Listed in Security Scan
> >> Microsoft Windows 9x File Handle Buffer Overflow Vulnerability
> >> Microsoft Windows 9x NetBIOS NULL Name Vulnerability
> >> Microsoft Windows 9x/NT/2000 MS-DOS Device Name DoS Vulnerability
> >> Web Server Reveals Absolute Path
> >> Disabled SMB Signing
> >> UDP Test-Services Running
> >>
> >> Thanks for any help or direction to someone else who can help

> >

>
>
>

12-21-2006   #4
Alun Jones
Guest


 

Re: Vista Security Vulnerabilities showing in Security scan

"erock" <erock@discussions.microsoft.com> wrote in message
news:C0622F84-DD37-4C1F-8D42-80F09CD66BAD@microsoft.com...
> Thanks Alun,
> That's exactly what I was thinking too, I just wanted to hear it from
> someone else


The basic message, which I don't think I stated clearly enough, is that you
should contact the vendor of the security scanner you are using, and ask
them directly the following questions:
1. Do they scan for Vista security vulnerabilities?
2. Are these positive reports true or false?
3. What do they suggest as actions to fix these reports?

Alun.
~~~~
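
One way to sort the findings from the original post before taking them to the scanner vendor, as an added example that is not part of the thread: it separates titles that name a Windows platform other than the scanned host from configuration findings that have to be checked on the host itself. The platform token list, the category names and the `triage` helpers are assumptions made for this illustration.

```python
import re

# Finding titles exactly as listed in the original post of this thread.
FINDINGS = [
    "Microsoft Windows 9x File Handle Buffer Overflow Vulnerability",
    "Microsoft Windows 9x NetBIOS NULL Name Vulnerability",
    "Microsoft Windows 9x/NT/2000 MS-DOS Device Name DoS Vulnerability",
    "Web Server Reveals Absolute Path",
    "Disabled SMB Signing",
    "UDP Test-Services Running",
]

# Assumed set of platform tokens a finding title may carry after "Windows".
_TOKEN = r"(?:9x|NT|2000|XP|2003|Vista)"
PLATFORM_RE = re.compile(r"Windows\s+(" + _TOKEN + r"(?:/" + _TOKEN + r")*)")


def claimed_platforms(title):
    """Return the platforms a title names, e.g. ['9x', 'NT', '2000']."""
    match = PLATFORM_RE.search(title)
    return match.group(1).split("/") if match else []


def triage(title, host_os):
    """Classify one finding against the OS actually installed on the host."""
    platforms = claimed_platforms(title)
    if not platforms:
        # No platform in the title: a configuration or service finding
        # that can only be confirmed by inspecting the host.
        return "verify-on-host"
    if host_os.lower() in (p.lower() for p in platforms):
        return "platform-match"
    # The check was written for another OS; only the scanner vendor can say
    # what observed behaviour triggered it on this host.
    return "platform-mismatch"


def triage_report(findings, host_os):
    """Group finding titles by triage category."""
    report = {"platform-match": [], "platform-mismatch": [], "verify-on-host": []}
    for title in findings:
        report[triage(title, host_os)].append(title)
    return report


if __name__ == "__main__":
    for category, titles in triage_report(FINDINGS, "Vista").items():
        print(category)
        for title in titles:
            print("   ", title)
```

A `platform-mismatch` result is not proof of a false positive; it marks the findings to raise with the vendor using the three questions above.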

