[Customerconnect] Internet Scanner XPU 6.23 Now Available!

From: ISS Customer Relations (bpq@iss.net)
Date: 12/16/02

  • Next message: Dudley, Brian (ISS Chicago): "RE: A question about ISS gigabit network sensor."
    To: customerconnect@iss.net
    From: ISS Customer Relations <bpq@iss.net>
    Date: Mon, 16 Dec 2002 17:57:50 -0500
    

    Internet Scanner X-Press Update 6.23 is now available from the ISS Download
    Center: <http://www.iss.net/download/>. Internet Scanner XPU 6.23
    contains five new checks and improvements for multiple existing checks.

    PROTECTION BENEFITS
    ∑ Application Protection. Checks in this XPU address security issues
    in IIS web servers and Internet Explorer.

    ∑ Platform Protection. XPU 6.23 includes checks for issues in
    multiple versions of the Microsoft Windows operating systems.

    NEW CHECKS

    The new checks in this XPU are listed below.

    Risk VulnID Check Name Category
    ==== ====== ========== =========
    High 10568* JrunLongUrlBo NT Critical Issues
    High 10809* IeMs02068Patch NT Critical Issues
    Medium 10579* MsvmJavaAppletRedirect NT Critical Issues
    Medium 10760 RdsEnabled Web Scan
    Low 10459* IeBypassCookieRestrictions NT Critical Issues

    * Please note that these checks require administrative privileges on
    scanned hosts.

    IMPROVED CHECKS
    ∑ NbSmbPwl (VulnID: 71).
    ∑ Telnettabbo (VulnID: 7284)
    ∑ Filesgrabbed (Vuln ID: 45)
    ∑ DomainGuestNoPwdReq (VulnID: 1360)
    ∑ DomainUserNoPwdReq (VulnID: 1363)
    ∑ DomainAdminNoPwdReq (VulnID: 1356)
    ∑ UnknownNTService (Vuln ID: 185)
    ∑ SmtpOutdated (VulnID: 124)
    ∑ IeIncorrectSecurityZone (VulnID: 7258)
    ∑ HttpCgiWwwboard (VulnID: 2344)
    ∑ AdminUserPw (Vuln ID: 165)
    ∑ WritableNetBIOSshare (VulnID: 26)
    ∑ IisSamplesCodebrws (VulnID: 2383)
    ∑ AdminAccountBlankPW (VulnID: 10633)
    ∑ SmtpSyslog (VulnID: 129)
    ∑ GuestbookCheck (VulnID: 321)

    VERSIONS/PLATFORMS

    XPU 6.23 is for use with Internet Scanner version 6.2.1. Internet Scanner
    6.2.1 is available on the ISS Download
    Center: <http://www.iss.net/eval/eval.php>.

    For more information on this release, please contact the following:

    * For additional product information:
    - Internet Scanner:
    <http://www.iss.net/products_services/enterprise_protection/vulnerability_as
    sessment/>
    - X-Press Updates: <http://www.iss.net/db_data/xpu/IS.php>

    * For sales and professional services information:
    - sales@iss.net <mailto:sales@iss.net>
    - 888-776-2362 (U.S. and Canada); +1-404-236-2600 (International)

    * For support information, including ISSí Technical Support Knowledgebase:
    - Customer Support - <http://www.iss.net/support/enterprise/index.php>
    - Technical Support Knowledgebase -
    <http://www.iss.net/support/knowledgebase/>

    _______________________________________________
    CustomerConnect mailing list
    CustomerConnect@iss.net