QualysGuard PCI Scan Results
11/18/2014

The scan was started on 11/11/2014 at 07:18:44 and took 02:05:13 to complete. The scan was run against the following IP addresses:
64.39.106.242-64.39.106.244

The scan option profile used includes:

Scan Settings
Scanned TCP Ports: Full
Scanned UDP Ports: Standard Scan
Scan Dead Hosts: Off
Load Balancer Detection: Off
Password Brute Forcing: Standard
Vulnerability Detection: Complete
Windows Authentication: Disabled
SSH Authentication: Disabled
Oracle Authentication: Disabled
SNMP Authentication: Disabled
Perform 3-way Handshake: Off
Overall Performance: Custom
Hosts to Scan in Parallel - External Scanner: 2
Hosts to Scan in Parallel - Scanner Appliances: 2
Processes to Run in Parallel - Total: 5
Processes to Run in Parallel - HTTP: 1
Packet (Burst) Delay: Long

Advanced Settings
Host Discovery: TCP Standard Scan, UDP Standard Scan, ICMP On

Company: Simos computer systems
User: Vellyangi s
Template Title: Scan Results
Active Hosts: 3
Total Hosts: 3
Scan Type: On Demand
Scan Status: Finished
Scan Title: 3
Scan Date: 11/11/2014 at 07:18:44
Reference: scan/1415690331.48728
Scanner Appliance: 64.39.103.14 (Scanner 7.11.14-1, Vulnerability Signatures 22.881-2)
Duration: 02:05:13
Options: Payment Card Industry (PCI) Options
Target: 64.39.106.242-64.39.106.244

Summary of Vulnerabilities
[Tables: Vulnerabilities by Severity (Confirmed, Potential, Information Gathered, Total); Vulnerabilities by PCI Severity (High, Medium, Low, Total). Charts: Vulnerabilities by PCI Severity; Vulnerabilities by Severity; Potential Vulnerabilities by Severity.]

Detailed Results

64.39.106.242 (xp-sp2, XP-SP2) Windows XP

Vulnerabilities (8)

Microsoft SMB Remote Code Execution Vulnerability (MS09-001)

PCI COMPLIANCE STATUS
PCI Severity:
The QID adheres to the PCI requirements based on the CVSS base score.

VULNERABILITY DETAILS
CVSS Base Score: 10 AV:N/AC:L/Au:N/C:
CVSS Temporal Score:
Bugtraq ID:
Last Update: ose 2009

THREAT:
The Server Message Block (SMB) Protocol is a network file s ... miscellaneous communications between nodes on a network ... containing a request sent by the client or a response sent ... ver.
The following remote code execution and denial of service vulnerabilities have been identified in Microsoft SMB protocol which occur when processing specially crafted SMB packets:
1) A vulnerability exists in the way SMB allocates space for a transaction structure and later tries to clear more memory than it should when a TRANS request is processed, allowing an attacker to take control of the system. (CVE-2008-4834)
2) A flaw exists in the way SMB allocates and clears a data structure relating to the OPEN2 command. SMB protocol software insufficiently validates the buffer size before writing to it, allowing attackers to take complete control of the system and allowing remote execution of code. (CVE-2008-4835)
3) A denial of service vulnerability exists due to the way "srv.sys" handles malformed SMB WRITE_ANDX packets sent to an interface that uses a Named Pipe as endpoint. This flaw allows remote attackers to send a specially-crafted network message to a computer running the Server service causing it to stop responding.
(CVE-2008-4114)
Attempts to exploit any of the above listed vulnerabilities do not require authentication.
Microsoft has rated the issues as critical for Windows 2000, Windows XP, and Windows Server 2003, and moderate for Windows Vista and Windows Server 2008.
Windows XP Embedded Systems: For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
February Security Updates are Now Available (KB958687)
January 2009 Security Updates for Runtimes Are Available (KB958687)

IMPACT:
An attacker who successfully exploits this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. Successful exploitation also results in denial of service which causes the affected system to crash and stop responding.

SOLUTION:
Workaround:
TCP ports 139 and 445 should be blocked at the firewall to protect systems behind the firewall from attempts to exploit this vulnerability.
Impact of workaround: Blocking the ports can cause several Windows services or applications using those ports to stop functioning.

Patch:
Following are links for downloading patches to fix the vulnerabilities:
Windows 2000 SP
Windows XP SP2 and SP3
Windows XP Professional x64 Edition and XP Professional x64 Edition SP2
Windows 2003 Server SP1 and SP2
Windows 2003 Server x64 Edition and 2003 Server x64 Edition SP2
Windows 2008 Server with SP1 and SP2 for Itanium-based systems
Windows Vista and Vista SP
Windows 2008 Server for 32-bit systems
Windows 2008 Server for x64-based systems
Windows 2008 Server for Itanium-based systems
Refer to Microsoft Security Bulletin MS09-001 for further details.

Trend Micro Virtual Patching
Virtual Patch #1002844: "Microsoft Windows "WRITE_ANDX" SMB Packet Handling Denial of Service"
Virtual Patch #1008207: SMB Buffer Overflow Remote Code Execution Vulnerability
Virtual Patch #1008206: SMB Validation Remote Code Execution Vulnerability

RESULT:
QID: 90477 detected on port 445 over TCP.
Detected through null session (MS09-001)

EOL/Obsolete Oper

PCI COMPLIANCE STATUS
PCI Severity:
The QID adheres to the PCI requirements based on the CVSS base score.
VULNERABILITY DETAILS
CVSS Base Score: 10 AV:N/AC:L/Au:N/C:C
CVSS Temporal Score: 7.4 E:U/RL:OF/RC:C
Severity:
QID:
Category: Security Policy
CVE ID:
Vendor Reference: Windows XP End of Life
Bugtraq ID:
Last Update: o7ze2014

THREAT:
The host is running Windows XP. Microsoft ended support for Windows XP on April 8, 2014 and provides no further support for this operating system.

IMPACT:
The system is at high risk of being exposed to security vulnerabilities. Since the vendor no longer provides updates, obsolete software is more vulnerable to viruses and other attacks.

SOLUTION:
Update to the latest supported Windows operating system. Refer to Windows Products.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
End of Life XP: Windows

RESULT:
Windows XP detected remotely

Microsoft Windows Server Service Could Allow Remote Code Execution (MS08-067)

PCI COMPLIANCE STATUS
PCI Severity:
The QID adheres to the PCI requirements based on the CVSS base score.

VULNERABILITY DETAILS
CVSS Base Score: 10 AV:N/AC:L/Au:N/C:C
CVSS Temporal Score: 8.3 E:F/RL:OF/RC:C
Severity: 5
QID: 90464
Category: Windows
CVE ID: CVE-2008-4250
Vendor Reference: MS08-067
Bugtraq ID: 31874
Last Update: 21272009

THREAT:
The Microsoft Windows Server service provides RPC support, file print support and named pipe sharing over the network. The Server service allows the sharing of local resources (such as disks and printers) so that other users on the network can access them. It also allows named pipe communication between applications running on other computers and your computer, which is used for RPC.
The Server service is vulnerable to a remote code execution issue, due to the service not properly handling specially-crafted RPC requests.
Any anonymous user who can deliver a specially-crafted message to the affected system could try to exploit this vulnerability.
Windows XP Embedded Systems: For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
December 2008 Updates are Available (including for XPe SP3 and Standard) (KB958644)
October 2008 Security Updates Include a Bonus (KB958644)

IMPACT:
An attacker who successfully exploits this vulnerability could take complete control of the affected system.

SOLUTION:
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2
Windows XP Service Pack 3
Windows XP Professional x64 Edition
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2008 Service Pack 1
Windows Server 2008 Service Pack 2
Windows Server 2008 x64 Edition
Windows Server 2008 x64 Edition Service Pack 2
Windows Server 2008 with SP1 for Itanium-based Systems
Windows Server 2008 with SP2 for Itanium-based Systems
Windows Vista and Windows Vista Service Pack 1
For a complete list of patch download links, please refer to Microsoft Security Bulletin MS08-067.

Trend Micro Virtual Patching
Virtual Patch #1002975: Server Service Vulnerability (wkssvc)
Virtual Patch #1008080: Server Service Vulnerability (srvsvc)
Virtual Patch #1008282: Block Conficker.B++ Worm Incoming Named Pipe Connection
Virtual Patch #1008283: Block Conficker.B++ Worm Outgoing Named Pipe Connection

RESULT:
Detected through MSRPC Interface

NetBIOS Shared Folder List Available

PCI COMPLIANCE STATUS
PCI Severity:
The QID adheres to the PCI requirements based on the CVSS base score.

VULNERABILITY DETAILS
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS Temporal Score: 3.7 E:U/RL:U/RC:C
Severity: 3
QID: 70001
Category: SMB / NETBIOS
CVE ID:
Vendor Reference:
Bugtraq ID:
Last Update: sorazon1

THREAT:
Unauthorized remote users can list all file systems on this host that are accessible from a remote system.

IMPACT:
If successfully exploited, unauthorized users can use this information to brute

= 250 (to trigger Protocol Unreachable Reply)
Listed in the "Result" section are the ICMP replies that we have received.

RESULT:
ICMP Reply Type                Triggered By             Additional Information
Unreachable (type=3 code=3)    UDP Port 31785           Port Unreachable
Unreachable (type=3 code=3)    UDP Port 20              Port Unreachable
Echo (type=0 code=0)           Echo Request             Echo Reply
Unreachable (type=3 code=3)    UDP Port 24740           Port Unreachable
Unreachable (type=3 code=3)    UDP Port 1024            Port Unreachable
Unreachable (type=3 code=3)    UDP Port 1037            Port Unreachable
Unreachable (type=3 code=3)    UDP Port 1027            Port Unreachable
Unreachable (type=3 code=3)    UDP Port 1054            Port Unreachable
Unreachable (type=3 code=3)    UDP Port 1028            Port Unreachable
Unreachable (type=3 code=3)    UDP Port 3875            Port Unreachable
Unreachable (type=3 code=3)    UDP Port 11203           Port Unreachable
Time Stamp (type=14 code=0)    Time Stamp Request       07:19:14 GMT
Unreachable (type=3 code=2)    IP with High Protocol    Protocol Unreachable

NetBIOS Host Name

PCI COMPLIANCE STATUS

VULNERABILITY DETAILS

IP ID Values Randomness

PCI COMPLIANCE STATUS

VULNERABILITY DETAILS
Severity: 1
QID: 82045
Category: TCP/IP
CVE ID:
Vendor Reference:
Bugtraq ID:
Last Update: 7272008

THREAT:
The values for the identification (ID) field in IP headers in IP packets from the host are analyzed to determine how random they are. The changes between subsequent ID values for either the network byte ordering or the host byte ordering, whichever is smaller, are displayed in the RESULT section along with the duration taken to send the probes.
When incremental values are used, as is the case for TCP/IP implementation in many operating systems, these changes reflect the network load of the host at the time this test was conducted.
Please note that for reliability reasons only the network traffic from open TCP ports is analyzed.

RESULT:
IP ID changes observed (network order) for port 95:11 1110114111111 T1T11 11222229
Duration: 32 milli seconds

Open TCP Services List

PCI COMPLIANCE STATUS

VULNERABILITY DETAILS
Severity:
QID:
Category:
CVE ID:
Vendor Reference:
Bugtraq ID:
Last Update: 6/15/2009

THREAT:
The port scanner enables unauthorized users with the appropriate tools to draw a map of all services on this host that can be accessed from the Internet. The test was carried out with a "stealth" port scanner so that the server does not log real connections.
The Results section displays the port number (Port), the default service listening on the port (IANA Assigned Ports/Services), the description of the service (Description) and the service that the scanner detected using service discovery (Service Detected).

IMPACT:
Unauthorized users can exploit this information to test vulnerabilities in each of the open services.

SOLUTION:
Shut down any unknown or unused service on the list. If you have difficulty figuring out which service is provided by which process or program, contact your provider's support team. For more information about commercial and open-source Intrusion Detection Systems available for detecting port scanners of this kind, visit the CERT Web site.

RESULT:
Port   IANA Assigned Ports/Services   Description                     Service Detected          OS On Redirected Port
135    msrpc-epmap                    epmap DCE endpoint resolution   DCERPC Endpoint Mapper
139    netbios-ssn                    NETBIOS Session Service         netbios ssn
445    microsoft-ds                   Microsoft-DS                    microsoft-ds

Network Adapter MAC Address

PCI COMPLIANCE STATUS

VULNERABILITY DETAILS
Severity: 1
QID: 43007
Category: Hardware
CVE ID:
Vendor Reference:
Bugtraq ID:
Last Update: sw29i2008

THREAT:
It is possible to obtain the MAC address information of the network adapters on the target system. Various sources such as SNMP and NetBIOS provide such information. This vulnerability test attempts to gather and report on this information in a table format.

RESULT:
Method    MAC Address        Vendor
NBTSTAT   oonc:29:34:62:13

Windows Authentication Method

PCI COMPLIANCE STATUS

VULNERABILITY DETAILS
Severity: 1
QID: 70028
Category: SMB / NETBIOS
CVE ID:
Vendor Reference:
Bugtraq ID:
Last Update: 1210912008

THREAT:
Windows authentication was performed. The Results section in your detailed results includes a list of authentication credentials used.
The service also attempts to authenticate using common credentials. You should verify that the credentials used for successful authentication were those that were provided in the Windows authentication record. User-provided credentials failed if the discovery method shows "Unable to log in using credentials provided by user, fallback to NULL session". If this is the case, verify that the credentials specified in the Windows authentication record are valid for this host.
RESULT:
User Name: (none)
Domain: (none)
Authentication Scheme: NULL session
Security: User-based
SMBv1 Signing: Disabled
Discovery Method: NULL session, no valid login credentials provided or found
CIFS Version: SMB v1 NT LM 0.12

Open UDP Services List

PCI COMPLIANCE STATUS

VULNERABILITY DETAILS
Severity: 1
QID: 82004
Category: TCP/IP
CVE ID:
Vendor Reference:
Bugtraq ID:
Last Update: 7112005

THREAT:
A port scanner was used to draw a map of all the UDP services on this host that can be accessed from the Internet.
Note that if the host is behind a firewall, there is a small chance that the list includes a few ports that are filtered or blocked by the firewall but are not actually open on the target host. This (false positive on UDP open ports) may happen when the firewall is configured to reject UDP packets for most (but not all) ports with an ICMP Port Unreachable packet. This may also happen when the firewall is configured to allow UDP packets for most (but not all) ports through and filter/block/drop UDP packets for only a few ports. Both cases are uncommon.

IMPACT:
Unauthorized users can exploit this information to test vulnerabilities in each of the open services.

SOLUTION:

RESULT:
Port   IANA Assigned Ports/Services   Description                 Service Detected
123    ntp                            Network Time Protocol       a9
137    netbios-ns                     NETBIOS Name Service        netbios ns
138    netbios-dgm                    NETBIOS Datagram Service    unknown
445    microsoft-ds                   Microsoft-DS                unknown
500    isakmp                         isakmp                      unknown
1900   unknown                        unknown                     unknown

Degree of Randomness of TCP Initial Sequence Numbers

PCI COMPLIANCE STATUS

VULNERABILITY DETAILS
Severity: 1
QID: 82045
Category: TCP/IP
CVE ID:
Vendor Reference:
Bugtraq ID:
Last Update: 1192008

THREAT:
TCP Initial Sequence Numbers (ISNs) obtained in the SYNACK replies from the host are analyzed to determine how random they are. The average change between subsequent ISNs and the standard deviation from the average are displayed in the RESULT section.
Also included is the degree of difficulty for exploitation of the TCP ISN generation scheme used by the host.

RESULT:
Average change between subsequent TCP initial sequence numbers is 1048918986 with a standard deviation of 580884151. These TCP initial sequence numbers were triggered by TCP SYN probes sent to the host at an average rate of 1/(4999 microseconds). The degree of difficulty to exploit the TCP initial sequence number generation scheme is: hard

Host Responds to TCP SYN Packet with Other Flags On with SYN ACK

PCI COMPLIANCE STATUS

VULNERABILITY DETAILS
Severity: 1
QID:
Category: TCP/IP
CVE ID:
Vendor Reference:
Bugtraq ID:
Last Update: 6s:2004

THREAT:
The host responds to a TCP SYN packet with at least one of the following flags set with a SYN ACK packet: RST, FIN, ACK, FIN|PSH.

IMPACT:
This behavior in the TCP/IP implementation may allow a remote user to potentially bypass a firewall protecting the host, as some (especially stateless) firewalls may be configured to allow all TCP packets with one of these flags set (RST, FIN, ACK, FIN|PSH) to go through without examining the packets' SYN flag.

SOLUTION:
Many operating systems are known to have this behavior.

RESULT:
Host responded to the following TCP probes to port 135 with SYN+ACK: SYN+FIN, SYN+FIN+PSH

NetBIOS Workgroup Name Detected

PCI COMPLIANCE STATUS

VULNERABILITY DETAILS
Severity: 1
QID: 82062
Category: TCP/IP
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Last Update: 6102/2005

THREAT:
The NetBIOS workgroup or domain name for this system has been detected.

RESULT:
WORKGROUP

Host Scan Time

PCI COMPLIANCE STATUS

VULNERABILITY DETAILS
Severity: 1
QID: 45038
Category: Information gathering
CVE ID:
Vendor Reference:
Bugtraq ID:
Last Update: 11972004

THREAT:
Duration is the period of time it takes the service to perform a scan task. The Duration includes the time it takes the service to scan all hosts, which may involve parallel scanning. It also includes the time it takes for a scanner appliance to pick up the scan task and transfer the results back to the service's Secure Operating Center.
Further, when a scan task is distributed across multiple scanners, the Duration includes the time it takes to perform parallel host scanning on all scanners.

RESULT:
Scan duration: 94 seconds
Start time: Tue, Nov 11 2014, 07:80:20 GMT
End time: Tue, Nov 11 2014, 07:36:24 GMT

Internet Service Provider

PCI COMPLIANCE STATUS

VULNERABILITY DETAILS
Severity: 1
QID: 45005
Category: Information gathering
CVE ID:
Vendor Reference:
Bugtraq ID: -
Last Update: 09/27/2013

THREAT:
The information shown in the Result section was returned by the network infrastructure responsible for routing traffic from our cloud platform to the target network (where the scanner appliance is located).
This information was returned from: 1) the WHOIS service, or 2) the infrastructure provided by the closest gateway server to our cloud platform. If your ISP is routing traffic, your ISP's gateway server returned this information.

IMPACT:
This information can be used by malicious users to gather more information about the network infrastructure that may aid in launching further attacks against it.

RESULT:
The ISP network handle is: WEST-INET-114
ISP Network description: Guest Communications Company, LLC

Host Names Found

PCI COMPLIANCE STATUS

VULNERABILITY DETAILS
Severity: 1

RESULT:

64.39.106.243 (2k-sp4-oe501, 2K-SP4-OE501) Windows 2000 Service Pack 3-4

Vulnerabilities (43)

Microsoft Messenger Service Buffer Overrun Vulnerability (MS03-043)

PCI COMPLIANCE STATUS
PCI Severity:
The QID adheres to the PCI requirements based on the CVSS base score.

VULNERABILITY DETAILS
CVSS Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Temporal Score:
Severity:
QID:
Category: SMB / NETBIOS
CVE ID: CVE-2003-0717
Vendor Reference: MS03-043
Bugtraq ID: 8825
Last Update: 03/17/2009

THREAT:
Microsoft Messenger Service is a Windows service that is responsible for sending and receiving "net send" messages.
The service also handles any messages that are sent via the Alerter service between client and server systems. The Microsoft Messenger Service is not related to MSN Messenger.
Microsoft Messenger Service is prone to a remotely exploitable buffer overrun vulnerability. The source of the vulnerability is insufficient bounds checking of messages before they are passed to an internal buffer.
The service is exposed via NetBIOS (ports 137-139) and RPC (port.

IMPACT:
A message malformed in a particular way can potentially overwrite adjacent regions of memory with attacker-supplied values. Exploitation of this vulnerability could result in a denial of service or in execution of malicious code in Local System context, potentially allowing for full system compromise.

SOLUTION:
Microsoft has released patches to address this issue in Microsoft Security Bulletin MS03-043.
There is no Windows XP version of the MS03-049 security update. The Windows XP security update was released as part of the Security Bulletin MS03-083.
Workarounds:
In the Microsoft Security Bulletin referenced above, Microsoft has released instructions on how to disable the Windows Messenger Service. Note that disabling the service may have some side effects, such as the system not being able to receive Alerter service messages or some services related to the Windows Messenger Service not starting.
Access to port 135 can be blocked using the Internet Connection Firewall (ICF) for Windows XP and Windows 2003 Server systems. The default settings for ICF block this traffic.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Trend Micro Virtual Patching
Virtual Patch #1000813: MS Windows Messenger Service Buffer Overrun (MS03-043)

RESULT:

EOL/Obsolete Software: Microsoft Internet Information Services (IIS) 5.x Detected

PCI COMPLIANCE STATUS
PCI Severity:
The QID adheres to the PCI requirements based on the CVSS base score.
VULNERABILITY DETAILS
CVSS Base Score: 10 AV:N/AC:L/Au:N/C:C/I:C/A
CVSS Temporal Score: 7.8 E:POC/RL:OF/RC:C
Severity: 5
QID: 105856
Category: Security Policy
CVE ID:
Vendor Reference:
Bugtraq ID:
Last Update: orneeore

THREAT:
Microsoft Internet Information Services Web Server 5.x was detected on the

IMPACT:
The system is at high risk of being exposed to security vulnerabilities since the vendor no longer provides updates. Obsolete software is more vulnerable to viruses and other attacks.

SOLUTION:
Upgrade to Microsoft IIS Version 8.0 or later.

RESULT:
Server: Microsoft-IIS/5.0
Date: Tue, 11 Nov 2014 07:09:08 GMT
Connection: Keep-Alive
Content-Length: 1270
Content-Type: text/html
Set-Cookie: ASPSESSIONIDAAADDTTQ=PCEHMBCDDCGAMOHJABMEGCK; path=/
Cache-control: private

WARNING! Please do not alter this file. It may be replaced if you upgrade your web server. If you want to use it as a template, we recommend renaming it, and modifying the new file. Thank

Under Construction