The Internet Scanner� X-press Update (XPU) 6.20 is now available from the ISS Download Center at http://www.iss.net/download/. This release includes new checks, modified checks, and new policies. Two new policies are provided in this XPU to support the SANS Top 20. The policies include a Windows policy and a Unix policy enabling checks related to the Top 20 vulnerable services. For more information on the SANS Top 20, please visit the following link: http://www.sans.org/top20/. Ten new checks are included in this XPU. VulnID Check Name Category Risk ====== ========== ========= ==== 9799 IplanetChunkedEncodingBo Web Scan High 9857* MssqlXpWeakPermissions NT Critical Issues High 10133* MsvmJdbcDllExecution NT Critical Issues High 9814** HpEmanateDefaultSnmp Router/Switch High 10265* BugbearWorm NT Critical Issues High 10304 BindSigRrBo Daemons High 9816 ShoppingCartDatabaseAccess Web Scan High 9848* IeHtmScriptExecution NT Critical Issues Medium 10215* WinWshRunning NT Critical Issues Medium 10332 BindOptRrDos Daemons Low *Please note that these checks require administrative privileges on scanned hosts. ** Please note that this check requires a read access community string. Security content bug fixes include: * IisStandaloneServer (vulnID 4558) * MssqlJetOdsBo (vulnID 9375) * MssqlMs02038Patch (Vuln ID 9667) * SolarisAnswerbook2RemoteExecution (vulnID 5058) * SshdeattackOverwriteMemory (vulnID 6083) * Win2kLdapChangePasswords (vulnID 6745) * SqlServer modified to eliminate exceptions in specific circumstances. * Windows 2000 service pack checks modified to eliminate false positives on Windows XP. * Checks with Internet Explorer 6 Service Pack 1 as remedy were modified. * Updated Vulnerability Catalog. * Multiple SMTP entries in Services report has been eliminated. * For additional product information regarding this release: - X-Press Updates - http://www.iss.net/db_data/xpu/RS.php - Internet Scanner - http://www.iss.net/products_services/enterprise_protection/vulnerability_assessment/scanner_internet.php * For sales and professional services information: - [EMAIL PROTECTED] - 888-776-2362 (U.S. and Canada); +1-404-236-2600 (International) * For support information, including ISS' Technical Support Knowledgebase: - Customer Support - http://www.iss.net/support/enterprise/index.php - Technical Support Knowledgebase - http://www.iss.net/support/knowledgebase/ _______________________________________________ ISSForum mailing list [EMAIL PROTECTED]
[ISSForum] Announcing Internet Scanner X-Press Update 6.20 Now Available
Wolfe, Christine (ISS Atlanta) Fri, 01 Nov 2002 13:46:31 -0800
