System Scanner 4.2 for Tru64 and X-Press Update 3.03

From: ISS Customer Relations (bpq@iss.net)
Date: 11/21/01


Message-Id: <4.2.2.20011120183718.00a71870@msgatl01.iss.net>
Date: Tue, 20 Nov 2001 18:48:00 -0500
To: xpress@iss.net
From: ISS Customer Relations <bpq@iss.net>
Subject: System Scanner 4.2 for Tru64 and X-Press Update 3.03


TO UNSUBSCRIBE: email "unsubscribe xpress" in the body of your message to
MAJORDOMO@ISS.NET. Contact xpress-owner@iss.net for help with any problems!
---------------------------------------------------------------------------

System Scanner‘ 4.2 for Tru64 and X-Press Update‘ 3.03

System Scanner‘ 4.2 for Compaq Tru64 UNIX and the X-Press Update‘
3.03 enhancement for System Scanner are now available for download at
http://www.iss.net/eval/eval.php.

This release expands the platforms for System Scanner 4.2 and the depth
of vulnerability analysis by offering new and updated vulnerability checks
and patches. As part of Internet Security Systemsí RealSecure‘
Protection System, System Scanner is supported for installation,
implementation, and operations by ISSí Consulting Services Group and
ISS Support.

System Scanner Version 4 Agent Summary - November 2001
* Version 4.2 Agents
    - Windows NT 4.0
    - Windows 2000
    - IBM AIX 4.3
    - HP-UX 11.0
    - Compaq Tru64 UNIX

* Version 4.1 Agents
    - Solaris 8

* Version 4.0 Agents
    - SUN Solaris 2.6 and 7
    - Red Hat LINUX 6.1 (also tested and validated on Red Hat LINUX 6.2)

X-Press Update 3.03 expands the security content for Windows NT,
Windows 2000, AIX 4.3, and HP-UX 11. The XPU provides new checks,
new policies, revised checks, and revised policies.

Protection Benefits of X-Press Update 3.03:
    - IIS Server Protection - XPU 3.03 augments System Scannerís
       protection of IIS servers with 9 new checks and 16 revised checks.
       This includes coverage of high-risk vulnerabilities such as IIS URL
       decoding and several IIS denial of service vulnerabilities.
    - Internet Explorer Vulnerability Detection - XPU 3.03 includes 4
       new checks to detect recent IE vulnerabilities.
    - Other Malicious Code - XPU 3.03 contains three Windows checks
        to identify vulnerabilities that could result in denial of service
attacks,
        as well as a check for a high risk FrontPage Server buffer overflow
        vulnerability.

System Scanner Agents updated by X-Press Update 3.03:
    - Updates to the System Scanner 4.2 console, including database
       modifications, help files, and policy navigator files
    - Updates to the System Scanner 4.2 agents, including new checks,
       modified checks, new policies, modified policies, modified support
       files, and new configuration files
    - Updates to the System Scanner 4.1 agents, including updated patch
       database, and updated support files
    - Updates to the System Scanner 4.0 agents, including updated patch
       database

New Checks Included in X-Press Update 3.03:
    - MS01-011 (Windows 2000)
    - MS01-015d (Windows NT, Windows 2000)
    - MS01-026a (Windows NT, Windows 2000)
    - MS01-026b (Windows NT, Windows 2000)
    - MS01-026c (Windows NT, Windows 2000)
    - MS01-026d (Windows 2000)
    - MS01-035 (Windows NT)
    - MS01-039a (Windows NT, Windows 2000)
    - MS01-039b (Windows NT, Windows 2000)
    - MS01-044a (Windows NT)
    - MS01-044b (Windows 2000)
    - MS01-044c (Windows 2000)
    - MS01-044d (Windows NT)
    - MS01-044e (Windows 2000)
    - MS01-051a (Windows NT, Windows 2000)
    - MS01-051b (Windows NT, Windows 2000)
    - MS01-051c (Windows NT, Windows 2000)