Forum Discussion
vulnerabilities
hello all I have some vulnerabilities on multiple windows servers 2016, I am looking for a tool to manage those vulnerabilities could anyone help?
1. Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution (RCE) Vulnerability (Follina)
2. Microsoft SQL Server Remote Code Execution (RCE) Vulnerability for June 2022
3. Microsoft Windows Security Update for June 2022
4. Microsoft Windows Security Update for Memory Mapped I/O (MMIO) Stale Data Vulnerabilities (ADV220002)
5. Microsoft Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability for June 2022
6. SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Server Side Vulnerability (BEAST)
7. Windows Service Weak Permissions detected
8. SMB Signing Disabled or SMB Signing Not Required
9. Administrator Account's Password Does Not Expire
10. Microsoft Windows Security Update for February 2022
11. Microsoft Internet Explorer Information Disclosure Vulnerability (September 2017)
12. Allowed Null Session
13. Remote Management Service Accepting Unencrypted Credentials Detected (FTP)
14. Microsoft Windows TCP/IP Remote Code Execution Vulnerabilities
2. Microsoft SQL Server Remote Code Execution (RCE) Vulnerability for June 2022
3. Microsoft Windows Security Update for June 2022
4. Microsoft Windows Security Update for Memory Mapped I/O (MMIO) Stale Data Vulnerabilities (ADV220002)
5. Microsoft Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability for June 2022
6. SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Server Side Vulnerability (BEAST)
7. Windows Service Weak Permissions detected
8. SMB Signing Disabled or SMB Signing Not Required
9. Administrator Account's Password Does Not Expire
10. Microsoft Windows Security Update for February 2022
11. Microsoft Internet Explorer Information Disclosure Vulnerability (September 2017)
12. Allowed Null Session
13. Remote Management Service Accepting Unencrypted Credentials Detected (FTP)
14. Microsoft Windows TCP/IP Remote Code Execution Vulnerabilities
The best way to manage and handle vulnerabilities is to update your server.
I believe you don't need any standalone vulnerability management tools and just use tools like WSUS to manage Windows Update and make sure you have the latest updates.
I believe you don't need any standalone vulnerability management tools and just use tools like WSUS to manage Windows Update and make sure you have the latest updates.
- first of all thanks for your support, I already downloaded all the updates but I still get the same vulnerabilities
- Are they related to Windows Server or other products?
Also note sometimes vulnerability scanner would have false-positive meaning when it shows a vulnerability it might be incorrect. How are you validating?
- working on them waiting for the new report to see the result .
