Author: Jimmy Graham | Page 4

The Shadow Brokers Release Zero Day Exploit Tools

Posted by Jimmy Graham in Qualys Technology, Security Labs on April 15, 2017

On Friday, a hacker group known as The Shadow Brokers publicly released a large number of functional exploit tools. Several of these tools make use of zero-day vulnerabilities, most of which are in Microsoft Windows. Exploiting these vulnerabilities in many cases leads to remote code execution and full system access.

Both end-of-support and current Windows versions are impacted, including Windows 2003, XP, Vista, 7, 2008, 8, and 2012. Microsoft has released patches for each vulnerability across all supported platforms, but will not be releasing patches for end-of-support versions of Windows. It is highly recommended that any end-of-support Windows systems be replaced or isolated, as these systems will often be impacted by new vulnerabilities, without the availability of a patch.

For zero-day vulnerabilities in Operating Systems, you can use your existing asset inventory information from Qualys AssetView, and search for any OS to determine how many vulnerable assets are deployed. This can be done without additional scanning if the data is relatively fresh.

2 Comments
Permalink
Tags: 0day, assetview, exploit, iis, microsoft, nsa, shadow brokers, threatprotect, vm, vulnerability, waf, windows

IT Asset Inventory Systems and CMDBs: A Marriage Made in InfoSec Heaven

Posted by Jimmy Graham in Qualys News, Qualys Technology on April 10, 2017

A key capability of an IT asset inventory system is being able to exchange data with CMDBs (Configuration Management Databases). In fact, a common misconception is that organizations with CMDBs don’t need an IT asset inventory system because their functions overlap. While they have similar roles, each one plays a different and important part, and they complement each other.

Microsoft IIS 6.0 Buffer Overflow Zero Day

Posted by Jimmy Graham in Qualys Technology, Security Labs, Web Application Security on March 31, 2017

A new zero-day vulnerability (CVE-2017-7269) impacting Microsoft IIS 6.0 has been announced with proof-of-concept code. This vulnerability can only be exploited if WebDAV is enabled. IIS 6.0 is a component of Microsoft Windows Server 2003 (including R2.) Microsoft has ended support for Server 2003 on July 14, 2015, which means that this vulnerability will most likely not be patched. It is recommended that these systems be upgraded to a supported platform. The current workaround is to disable the WebDAV Web Service Extension if it is not needed by any web applications.

The Qualys Cloud Platform can help you detect the vulnerability, track and manage Server 2003 Assets, as well as block exploits against web-based vulnerabilities like this one.

No Comments
Permalink
Tags: 0day, assetview, CVE-2017-7269, iis, iis 6.0, microsoft, security, threatprotect, vm, vulnerabilities, vulnerability, waf

Qualys Cloud Platform 2.25 New Features

Posted by Jimmy Graham in Qualys Technology on March 27, 2017

This release of the Qualys Cloud Platform version 2.25 includes updates and new features for Cloud Agent, Threat Protection, and Web Application Scanning as follows:

No Comments
Permalink
Tags: cloud agent, notification, product news, threatprotect, was