Qualys Blog

www.qualys.com
9 posts

No More Tears: WannaCry Highlights Importance of Prompt Vulnerability Detection, Remediation

It didn’t have to happen.

That’s the simple yet profound lesson from WannaCry’s ransomware rampage that has infected 300,000-plus systems in more than 150 countries, disrupting critical operations across industries, including healthcare, government, transportation and finance.

If vulnerable systems had been patched and maintained as part of a proactive and comprehensive system configuration and vulnerability management program, the attack would have been a dud, barely registering on anyone’s InfoSec radar.

“WannaCry was totally preventable with the proper patching and the proper build configurations,” Mark Butler, Qualys’ Chief Information Security Officer (CISO), said during a webcast this week. “That’s a reminder to all of us that you didn’t have to be a victim.”

There are various workarounds for mitigating the underlying WannaCry vulnerability, but those are stopgap measures. “The primary way to remediate this vulnerability is through disciplined and timely patching,” Qualys Product Management Director Jimmy Graham said during the webcast, titled “How to Rapidly Identify Assets at Risk to WannaCry Ransomware.”

Continue reading …

The Shadow Brokers Release Zero Day Exploit Tools

On Friday, a hacker group known as The Shadow Brokers publicly released a large number of functional exploit tools. Several of these tools make use of zero-day vulnerabilities, most of which are in Microsoft Windows. Exploiting these vulnerabilities in many cases leads to remote code execution and full system access.

Both end-of-support and current Windows versions are impacted, including Windows 2003, XP, Vista, 7, 2008, 8, and 2012. Microsoft has released patches for each vulnerability across all supported platforms, but will not be releasing patches for end-of-support versions of Windows. It is highly recommended that any end-of-support Windows systems be replaced or isolated, as these systems will often be impacted by new vulnerabilities, without the availability of a patch.

For zero-day vulnerabilities in Operating Systems, you can use your existing asset inventory information from Qualys AssetView, and search for any OS to determine how many vulnerable assets are deployed. This can be done without additional scanning if the data is relatively fresh.

Continue reading …

Microsoft IIS 6.0 Buffer Overflow Zero Day

A new zero-day vulnerability (CVE-2017-7269) impacting Microsoft IIS 6.0 has been announced with proof-of-concept code. This vulnerability can only be exploited if WebDAV is enabled. IIS 6.0 is a component of Microsoft Windows Server 2003 (including R2.) Microsoft has ended support for Server 2003 on July 14, 2015, which means that this vulnerability will most likely not be patched. It is recommended that these systems be upgraded to a supported platform. The current workaround is to disable the WebDAV Web Service Extension if it is not needed by any web applications.

The Qualys Cloud Platform can help you detect the vulnerability, track and manage Server 2003 Assets, as well as block exploits against web-based vulnerabilities like this one.

Continue reading …

Qualys Cloud Platform 2.25 New Features

This release of the Qualys Cloud Platform version 2.25 includes updates and new features for Cloud Agent, ThreatPROTECT, and Web Application Scanning as follows:

Continue reading …

Checklist: Qualys Top 10 Tips for a Secure & Compliant 2017

With 2017 still in its infancy, plenty of time remains for InfoSec practitioners to make concrete strides toward better security and compliance in their organizations. That’s why to help you start off the year on the right foot, we’ve shared best practices, ideas and recommendations in our Qualys Top 10 Tips for a Secure & Compliant 2017 blog series.

Continue reading …

Overwhelmed by Security Vulnerabilities? Here’s How to Prioritize

In our second installment of the Qualys Top 10 Tips for a Secure & Compliant 2017 blog series, we tackle the bane of many InfoSec teams: Deciding which vulnerabilities to remediate first.

Continue reading …

Qualys Cloud Platform 2.18 New Features

Qualys Cloud Platform release 2.18 includes updates and new features for:

  • Qualys Cloud Platform (Version 2.18.0)
  • AssetView and ThreatPROTECT (Version 2.18.0)
  • Security Assessment Questionnaire (Version 2.3.0)
  • Web Application Scanning (Version 4.12.0)

Continue reading …

Qualys Cloud Platform 2.17 New Features

Qualys Cloud Platform release 2.17 includes updates and new features for:

  • AssetView (version 2.17.0)
  • Cloud Agent Platform (version 1.8.0)
  • Continuous Monitoring (version 1.16.0)
  • Security Assessment Questionnaire (version 2.2.0)

Continue reading …

Qualys Cloud Platform 2.14 New Features

A new release of the Qualys Cloud Platform includes several new platform features and also includes new versions of the following modules:

Continue reading …