The Internet Scanner� X-press Update (XPU) 6.20 is now available from the ISS Download 
Center at http://www.iss.net/download/. 
 
This release includes new checks, modified checks, and new policies. Two new policies 
are provided in this XPU to support the SANS Top 20. The policies include a Windows 
policy and a Unix policy enabling checks related to the Top 20 vulnerable services. 
For more information on the SANS Top 20, please visit the following link: 
http://www.sans.org/top20/.
 
Ten new checks are included in this XPU.
 
VulnID    Check Name                  Category            Risk   
======    ==========                  =========           ====  
9799      IplanetChunkedEncodingBo    Web Scan            High   
9857*     MssqlXpWeakPermissions      NT Critical Issues  High  
10133*    MsvmJdbcDllExecution        NT Critical Issues  High   
9814**    HpEmanateDefaultSnmp        Router/Switch       High   
10265*    BugbearWorm                 NT Critical Issues  High   
10304     BindSigRrBo                 Daemons             High   
9816      ShoppingCartDatabaseAccess  Web Scan            High   
9848*     IeHtmScriptExecution        NT Critical Issues  Medium
10215*    WinWshRunning               NT Critical Issues  Medium
10332     BindOptRrDos                Daemons             Low    
 
*Please note that these checks require administrative privileges on scanned hosts.
** Please note that this check requires a read access community string.
 
Security content bug fixes include:
* IisStandaloneServer (vulnID 4558) 
* MssqlJetOdsBo (vulnID 9375)
* MssqlMs02038Patch (Vuln ID 9667)  
* SolarisAnswerbook2RemoteExecution (vulnID 5058)
* SshdeattackOverwriteMemory (vulnID 6083) 
* Win2kLdapChangePasswords (vulnID 6745)
* SqlServer modified to eliminate exceptions in specific circumstances.
* Windows 2000 service pack checks modified to eliminate false positives on Windows XP.
* Checks with Internet Explorer 6 Service Pack 1 as remedy were modified.
* Updated Vulnerability Catalog.
* Multiple SMTP entries in Services report has been eliminated.
 
* For additional product information regarding this release:
  - X-Press Updates - http://www.iss.net/db_data/xpu/RS.php 
  - Internet Scanner - 
http://www.iss.net/products_services/enterprise_protection/vulnerability_assessment/scanner_internet.php
 
 
*  For sales and professional services information:
  - [EMAIL PROTECTED] 
  - 888-776-2362 (U.S. and Canada); +1-404-236-2600 (International)
 
*  For support information, including ISS' Technical Support Knowledgebase: 
  - Customer Support - http://www.iss.net/support/enterprise/index.php  
  - Technical Support Knowledgebase - http://www.iss.net/support/knowledgebase/
_______________________________________________
ISSForum mailing list
[EMAIL PROTECTED]


Reply via email to