eEye Digital Security

 We run Retina Scan (versions: Engine (5.10.17) and the Audit is (2132)) weekly, and download the latest Audit prior to doing so. Our current OS is Windows XP SP2. This morning we downloaded the current Audit, and all of a sudden we are now missing the following patches:

IE Explorer Cumulative Patch for up to 6.0 2003-A-0014(3)

SMB Remote Code Execution 2005-T-0019

TCP/IP Vulnerabilities 2005-B-0012

Outlook Express Cumulative Patch 837009

Can anyone tell us why this may be happening?

Also, the following problem exists, which a resolution has never been found for:

JPEG Processing GDI+ Buffer Overflow 2004-A-0015

Any help on this would be GREATLY appreciated as well.

Thanks for all of your time and help.

Sincerely,

1.  Since your using Windows XP SP2, have you completed installing all of the updates that are available (i.e. you told it to not install SP3 and instead search for all other available updates for SP2)?

2.  What version of Windows XP SP are you using (Home Edition or Professional)?

3.  When your updating Windows, are you using the default Windows Update or the improved Microsoft Update webpage?  The improved Microsoft Update webpage searches for updates for all other Microsoft related products (that you may have installed on your system) along with checking for the normal Windows OS updates.  Windows Update only searches for updates for the OS, not other Microsoft products.  This does not apply to Vista, only XP.

4.  What version of IE are you using?

5.  I know that eEye, in the past, has had to tweak some of the Retina audits when I was using IE7 with SP3 (not SP2) because it was triggering on alerts that were targeting IE6 on a SP2 system.  You may fall under this same type of situation in your particular case.

6.  Finally, are you using the Retina built into Blink or the standalone Retina scanning application?

I am hoping eEye can chime in on this post for further guidance.

1. I believe we have ...

2. Pro

3. All updates and patches are installed manually, as the system cannot be connected to the MS web site.

4. 6.0

5.  ?

6. Stand Alone application.

All system and software version requirements are mandated from other sources.

Thanks again. 

Alright, well if your using the standalone version of Retina, you are entitled to support via your own Customer Support Portal:

https://www.eeye.com/clients

You can set up an account here, log in, access lots of other information, and be able to submit support tickets for your product to eEye for help.

Hopefully you can receive a response in a timely manner that way vice waiting on the forums for a response.

Many thanks for the information.

Please try updating to Audit Version 2135 and re-scan and see if it still exists.

Thank you

Brian

 Brian,

Thanks for your time and help. Downloading that took care of "almost" all of the problems. What we have now, is a continuing problem with all of the Adobe software ... Reader, Shockwave and Flash. We have downloaded and installed all of those files requested (during the Retina scan, but we continue to get the same notice about needing to update the software. This is a 2004 "issue", and there is nothing we can do to "fix" this issue. Any suggestions would be GREATLY appreciated. And since you fixed the last problem, I REALLY look forward to your response.

Sincerely,

Bobb

 I forgot to add the updates we installed, and they are:

Shockwave 11.5.1.601

Flash 10.0.32.18

Reader  AdbeRdr913_all_incr.msp

Again ... Thanks

What vulnerability assessment results are you seeing for Shockwave, Flash, and Adobe Reader?

 Flash 2009-A-0061

Adobe Reader IAV-2009-A-0062

Shockwave  IE IAV 2009-A-0063 Mozilla (we do not use) IAV 2009-A-0063

JPEG GDI 2004-A-0015

Windows Media 2008-B-0081

And as always, thanks for your time and help.

Here is what I would do (since you have multiple machines).  This may only work too for some of the audits that you have listed.

I am not sure if your familiar with the free cleaning tool called CCleaner?  I have found the following to be useful for me.

1.  Download, install, and configure the program CCleaner (talked about in the following post:  http://forums.eeye.com/forums/t/752.aspx )

2.  Download the un-installer tool for Flash Player from Adobe's website:  http://kb2.adobe.com/cps/141/tn_14157.html  OR a direct link to the executable used for Windows from that page is:  http://download.macromedia.com/pub/flashplayer/current/uninstall_flash_player.exe

3.  Download the latest version of Adobe Acrobat Reader from:  http://get.adobe.com/reader/?promoid=BUIGO

3.  Take a blank CDR disc and burn to it the entire "CCleaner" file folder (from under Program Files on your system), the flash player un-installer file, and the Adobe Acrobat Reader installation package file.

NOTE:  Make sure you configure CCleaner completely the way you want it before you burn it to the CDR, thus your preferences will stay the same on the disk.

Take this disc you have created to each machine that you are having issues with.

4.  First run the Flash Player un-installer tool to remove any traces of Flash Player.

5.  Un-install Adobe Acrobat (if it is currently on these systems you talked about) either through windows or the un-install function built into CCleaner.

6.  Restart the computer system

7.  Now, run the "Cleaner" function on the left side of CCleaner's sidebar

8.  Run the "Registry" function on the left side of CCleaner's sidebar (be sure to keep running this until nothing shows up in the window).

9.  After running these cleaning options, restart your system and then re-install Adobe Acrobat (update it too) and then Flash Player.

Hopefully this will help you clear up two of your audits.

     I recommended the CCleaner tool on a CDR because it is nice to be able to take to multiple computers, run it, and cleanse each one of these systems without having to install the program on each system.  I have found that it cleans a lot of the junk in your registry that sometimes gets hit on my Retina.

     The remaining audits, eEye will have to provide advice on, because I am not sure exactly what Retina is looking for when it hits on those particular audits.