[Customerconnect] Announcing Internet Scanner X-Press Update 6.20 Now Available

From: Solutions Marketing (SolutionsMarketing@iss.net)
Date: 11/05/02 

From: "Solutions Marketing" <SolutionsMarketing@iss.net>
To: <customerconnect@iss.net>
Date: Tue, 5 Nov 2002 11:28:57 -0500

The Internet Scanner® X-press Update (XPU) 6.20 is now available from the ISS Download Center at http://www.iss.net/download/.
 
This release includes new checks, modified checks, and new policies. Two new policies are provided in this XPU to support the SANS Top 20. The policies include a Windows policy and a Unix policy enabling checks related to the Top 20 vulnerable services. For more information on the SANS Top 20, please visit the following link: http://www.sans.org/top20/.
 
Ten new checks are included in this XPU.
 
VulnID Check Name Category Risk
====== ========== ========= ====
9799 IplanetChunkedEncodingBo Web Scan High
9857* MssqlXpWeakPermissions NT Critical Issues High
10133* MsvmJdbcDllExecution NT Critical Issues High
9814** HpEmanateDefaultSnmp Router/Switch High
10265* BugbearWorm NT Critical Issues High
10304 BindSigRrBo Daemons High
9816 ShoppingCartDatabaseAccess Web Scan High
9848* IeHtmScriptExecution NT Critical Issues Medium
10215* WinWshRunning NT Critical Issues Medium
10332 BindOptRrDos Daemons Low
 
*Please note that these checks require administrative privileges on scanned hosts.
** Please note that this check requires a read access community string.
 
Security content bug fixes include:
* IisStandaloneServer (vulnID 4558)
* MssqlJetOdsBo (vulnID 9375)
* MssqlMs02038Patch (Vuln ID 9667)
* SolarisAnswerbook2RemoteExecution (vulnID 5058)
* SshdeattackOverwriteMemory (vulnID 6083)
* Win2kLdapChangePasswords (vulnID 6745)
* SqlServer modified to eliminate exceptions in specific circumstances.
* Windows 2000 service pack checks modified to eliminate false positives on Windows XP.
* Checks with Internet Explorer 6 Service Pack 1 as remedy were modified.
* Updated Vulnerability Catalog.
* Multiple SMTP entries in Services report has been eliminated.
 
* For additional product information regarding this release:
  - X-Press Updates - http://www.iss.net/db_data/xpu/RS.php
  - Internet Scanner - http://www.iss.net/products_services/enterprise_protection/vulnerability_assessment/scanner_internet.php
 
* For sales and professional services information:
  - sales@iss.net
  - 888-776-2362 (U.S. and Canada); +1-404-236-2600 (International)
 
* For support information, including ISS' Technical Support Knowledgebase:
  - Customer Support - http://www.iss.net/support/enterprise/index.php
  - Technical Support Knowledgebase - http://www.iss.net/support/knowledgebase/
_______________________________________________
CustomerConnect mailing list
CustomerConnect@iss.net