These alerts were not present until I installed Windows XP SP3. The following are 3 Retina Vulnerability Scan Results which eEye has addressed and noted will be fixed:
---------------------------------------------------------------------------------------------------------------------------------------------------------
Communication History
On 5/6/2008 5:32:53 PM you wrote:
I
just installed Windows XP SP3 on my XP Professional machine. Before I
installed SP3 I did not have any Retina Vulnerability items that needed
to be fixed. After I installed SP3, however, I now have these three
items:
-------------------------------------------------
"Windows Microsoft Data Access Components (MDAC) Remote Code Execution (927779)"
CVE CVE-2006-5559
Description:
A remote code execution vulnerability exists in the ADODB.Connection
ActiveX control that is included in MDAC. An attacker could use a
maliciously crafted web site to take complete control of an affected
system.
How To Fix: Download the update from Microsoft or through automatic updates.
Links Microsoft Security Bulletin MS07-009
Risk 9
--------------
"Windows Microsoft XML Core Services Remote Code Execution (936227) - 2000/XP/2003"
CVE-2007-2223
Description:
A remote code execution vulnerability exists in Microsoft XML Core
Services that could allow an attacker who successfully exploited this
vulnerability to make changes to the system with the permissions of the
logged-on user.
How To Fix: Download the patch from Microsoft or through automatic update.
Links 361968
Secunia Security Advisory
Microsoft Security Bulletin MS07-042
Risk 9
--------------
"Miscellaneous Windows XP SP2 http.sys Stack Corruption"
Description:
A stack corruption vulnerability exists within Microsoft Windows XP SP2
http.sys driver which allows for an attacker to cause the remote host
to stop responding.
How To Fix: Install the appropriate patch.
Links 887742
Risk 6
-----------------------------------------------
Do
I need to install these patches again, or is this something manually
eEye will have to fix in Retina to compensate for the changes made in
SP3?
My Blink information is as follows:
Blink Professional Version 3.5.7, Rule version 1444
AntiVirus Version 1.0.386
Vulnerability Scanner version 5.9.1, Audits version 1892
-----------------------------------------------
On 5/7/2008 1:46:40 PM eEye Digital Security wrote:Hello Jeff,
Can you send me the scanner log file? Let me know if you don't know where this is. Thanks!
Best Regards,
Jon
On 5/7/2008 4:23:28 PM you wrote:Here you go.
On 5/8/2008 12:35:39 PM eEye Digital Security wrote:Hello Jeff,
I have forwarded this issue to the Auditing team. I will keep you posted as I receive feedback. Thanks!
Best Regards,
Jon
On 5/12/2008 2:28:39 PM eEye Digital Security wrote:Hello Jeff,
This issue has been fixed and will be released as part of audits revision 1895. Thanks!Best Regards,
Jon