Retina - Network Security Scanner
Network Vulnerability Assessment & Remediation Management
20.01.2012 - Report created by Retina version 5.10.0

Remediation Report

CONFIDENTIAL INFORMATION
The following report contains company confidential information. Do not distribute, email, fax, or transfer via any electronic mechanism unless it has been approved by the recipient company's security policy. All copies and backups of this document should be saved on protected storage at all times. Do not share any of the information contained within this report with anyone unless they are authorized to view the information. Violating any of the previous instructions is grounds for termination.

Metrics for 'Complete Scan'
File name: K:\Retina 5\Scans\CompleteScan.rtd
Audits revision:
Scanner version: 5.10.0
Start time: 20.01.2012 21:07:43
Duration: 0d 0h 1m 35s
Credentials: - Null Session -
Audit groups: All Audits
Address groups: N/A
IP ranges: 192.168.0.104
Total hosts attempted: 1
Total hosts scanned: 1
No access: 0

192.168.0.104 HIGHFLYE-02D395 Windows XP, Service Pack 3

Microsoft DirectX MJPEG/SAMI File Handling Vulnerabilities (951698) - XP
Audit ID: 6774
Vul ID:
Risk Level: High
Sev Code:
PCI Severity Level: 5 (Urgent)
CVSS Score:
Category: Windows
Description: Multiple vulnerabilities exist in Microsoft DirectX when handling malformed MJPEG and SAMI files that could allow remote execution of arbitrary code in the context of the logged in user.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
- KB951698 (http://support.microsoft.com/default.aspx?scid=951698)
- Microsoft Security Bulletin MS08-033 (http://www.microsoft.com/technet/security/bulletin/MS08-033.mspx)
- Secunia Advisory - 30579 (http://secunia.com/advisories/30579/)
- SecurityTracker ID - 1020222 (http://www.securitytracker.com/alerts/2008/Jun/1020222.html)
CVE:
- CVE-2008-0011 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0011) - A remote code execution vulnerability exists in the way that the Windows MJPEG Codec handles MJPEG streams in AVI or ASF files. A user would have to preview or play a specially crafted MJPEG file for the vulnerability to be exploited.
- CVE-2008-1444 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1444) - A remote code execution vulnerability exists in the way DirectX handles supported format files. This vulnerability could allow remote code execution if a user opened a specially crafted file.
IAV:
BugtraqID:
- 29578 (http://www.securityfocus.com/bid/29578) - Microsoft DirectX SAMI File Parsing Stack Buffer Overflow Vulnerability
- 29581 (http://www.securityfocus.com/bid/29581) - Microsoft DirectX MJPEG Video Streaming Stack Based Buffer Overflow Vulnerability
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

Null Session Registry Settings
Audit ID: 2913
Vul ID:
Risk Level: High
Sev Code:
PCI Severity Level: 3 (High)
CVSS Score:
Category: NetBIOS
Description: Anonymous access to the Registry is not restricted.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
- How to Use the RestrictAnonymous Registry Value in Windows 2000 (http://support.microsoft.com/default.aspx?scid=kb;en-us;Q246261)
- Restricting Information Available to Anonymous Logon Users (Windows NT) (http://support.microsoft.com/default.aspx?scid=kb;en-us;Q143474)
- Win.Mit.Edu Null Session Documentation (http://mit.edu/pismere/support/for-cont-admins/null-session-info.html)
CVE:
- CVE-2000-1200 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1200) - The target machine allows null sessions over which a restricted but significant amount of data may be harvested anonymously, indicating that the system's RestrictAnonymous level is set to 1. Although anonymous user and group enumeration is prevented, information on known users and groups can still be obtained.
IAV:
BugtraqID:
- 494 (http://www.securityfocus.com/bid/494) - Limited Null Session
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

Account Lockout Duration
Audit ID: 1051
Vul ID:
Risk Level: Medium
Sev Code:
PCI Severity Level: 1 (Low)
CVSS Score:
Category: Accounts
Description: Account lockout duration determines the number of minutes a locked out account remains locked before automatically becoming unlocked.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
CVE:
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

Account Lockout Threshold
Audit ID: 1053
Vul ID:
Risk Level: Medium
Sev Code:
PCI Severity Level: 1 (Low)
CVSS Score:
Category: Accounts
Description: The account lockout threshold determines the number of failed logon attempts that will cause a user account to be locked out. Note: Linux/Unix based systems running Samba are also affected by this notification.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
CVE:
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

Account Lockout Threshold - FDCC
Audit ID: 6410
Vul ID:
Risk Level: Medium
Sev Code:
PCI Severity Level: 1 (Low)
CVSS Score:
Category: Accounts
Description: The account lockout threshold determines the number of failed logon attempts that will cause a user account to be locked out. Federal Desktop Core Configuration (FDCC) compliance requires account lockout threshold be set at 5 invalid login attempts. (Note: Linux/Unix based systems running Samba are also affected by this notification.)
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
CVE:
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

Auto Sharing Drive Problem - Server
Audit ID: 418
Vul ID:
Risk Level: Medium
Sev Code:
PCI Severity Level: 1 (Low)
CVSS Score:
Category: Registry
Description: By Default, all drives on a machine are shared using hard coded Administrative ACL's. Even if these shares are removed, they are recreated each time the system reboots. Note: disabling automatic drive sharing on the target may hinder Retina's ability to scan the target. Disable drive sharing only if you require it for your local security policy.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
CVE:
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

Auto Sharing Drive Problem - Wks
Audit ID: 419
Vul ID:
Risk Level: Medium
Sev Code:
PCI Severity Level: 1 (Low)
CVSS Score:
Category: Registry
Description: By Default, all drives on a machine are shared using hard coded Administrative ACL's. Even if these shares are removed, they are recreated each time the system reboots.
Note: disabling automatic drive sharing on the target may hinder Retina's ability to scan the target. Disable drive sharing only if you require it for your local security policy.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
CVE:
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

Clear Page File
Audit ID: 173
Vul ID:
Risk Level: Medium
Sev Code:
PCI Severity Level: 2 (Medium)
CVSS Score:
Category: Registry
Description: The page file is used for virtual memory. It can contain sensitive information such as usernames and passwords.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
CVE:
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

Dialup Save Password
Audit ID: 202
Vul ID:
Risk Level: Medium
Sev Code:
PCI Severity Level: 1 (Low)
CVSS Score:
Category: Remote Access
Description: It is recommended not to cache your Dial-up Networking passwords.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
CVE:
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

Microsoft Windows Domain Name System (DNS) Spoofing (953230) - Client
Audit ID: 6919
Vul ID:
Risk Level: Medium
Sev Code:
PCI Severity Level: 4 (Critical)
CVSS Score:
Category: DNS Services
Description: A spoofing vulnerability exists in Windows DNS client and Windows DNS server. This vulnerability could allow a remote unauthenticated attacker to quickly and reliably spoof responses and insert records into the DNS server or client cache, thereby redirecting Internet traffic. Additionally, a cache poisoning vulnerability exists in Windows DNS Server.
The vulnerability could allow an unauthenticated remote attacker to send specially crafted responses to DNS requests made by vulnerable systems, thereby poisoning the DNS cache and redirecting Internet traffic from legitimate locations.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
- KB953230 (http://support.microsoft.com/default.aspx?scid=953230)
- Microsoft Security Bulletin MS08-037 (http://www.microsoft.com/technet/security/bulletin/MS08-037.mspx)
- Secunia Advisory - 30925 (http://secunia.com/advisories/30925/)
CVE:
- CVE-2008-1447 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447) - A spoofing vulnerability exists in Windows DNS client and Windows DNS server. This vulnerability could allow a remote unauthenticated attacker to quickly and reliably spoof responses and insert records into the DNS server or client cache, thereby redirecting Internet traffic.
- CVE-2008-1454 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1454) - A cache poisoning vulnerability exists in Windows DNS Server. The vulnerability could allow an unauthenticated remote attacker to send specially crafted responses to DNS requests made by vulnerable systems, thereby poisoning the DNS cache and redirecting Internet traffic from legitimate locations.
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

Microsoft Windows Null Sessions can Enumerate Local SAM Accounts and Shares
Audit ID: 6607
Vul ID:
Risk Level: Medium
Sev Code:
PCI Severity Level: 3 (High)
CVSS Score:
Category: Windows
Description: Anonymous access to the Registry is not restricted. Null Sessions can Enumerate Local SAM Accounts and Shares.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
CVE:
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

Min Password Length
Audit ID: 12
Vul ID:
Risk Level: Medium
Sev Code:
PCI Severity Level: 5 (Urgent)
CVSS Score:
Category: Accounts
Description: The minimum password length does not contain the recommended amount of characters required for a password. Note: Linux/Unix based systems running Samba are also affected by this notification.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
CVE:
- CVE-1999-0535 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0535) - A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness.
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

Min Password Length - FDCC
Audit ID: 6411
Vul ID:
Risk Level: Medium
Sev Code:
PCI Severity Level: 5 (Urgent)
CVSS Score:
Category: Accounts
Description: The minimum password length does not contain the recommended amount of characters required for a password. Note: Linux/Unix based systems running Samba are also affected by this notification.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
CVE:
- CVE-1999-0535 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0535) - A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness.
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

MS RAS Encrypt
Audit ID: 208
Vul ID:
Risk Level: Medium
Sev Code:
PCI Severity Level: 3 (High)
CVSS Score:
Category: Remote Access
Description: The current MS RAS (Remote Access Server) is not encrypting data transfers.
It is recommended to encrypt all transfers between client and server.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
CVE:
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

MS RAS Logging
Audit ID: 209
Vul ID:
Risk Level: Medium
Sev Code:
PCI Severity Level: 1 (Low)
CVSS Score:
Category: Registry
Description: The current MS RAS (Remote Access Server) is not logging connections. It is recommended to log all RAS connection information.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
CVE:
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

MSCHAPv2 VPN
Audit ID: 185
Vul ID:
Risk Level: Medium
Sev Code:
PCI Severity Level: 1 (Low)
CVSS Score:
Category: Registry
Description: It is recommended to enforce MSCHAP V2; this forces the server to drop any VPN (Virtual Private Network) connections that do not use MSCHAP V2 authentication.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
CVE:
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

NTFS 8 Dot 3
Audit ID: 186
Vul ID:
Risk Level: Medium
Sev Code:
PCI Severity Level: 3 (High)
CVSS Score:
Category: Registry
Description: NTFS has the ability to support backwards compatibility with older 16 bit apps. It is recommended not to use 16-bit apps on a secure server.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
- KB121007 (http://support.microsoft.com/kb/121007)
- KB210638 (http://support.microsoft.com/kb/210638)
- KB889506 (http://support.microsoft.com/default.aspx?scid=889506)
CVE:
- CVE-1999-0012 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0012) - Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

PPP Client Security
Audit ID: 219
Vul ID:
Risk Level: Medium
Sev Code:
PCI Severity Level: 1 (Low)
CVSS Score:
Category: Remote Access
Description: By default, users are permitted to make RAS connections without any sort of authentication. It is recommended that you require users to authenticate themselves.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
CVE:
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

Printer Driver Sec
Audit ID: 190
Vul ID:
Risk Level: Medium
Sev Code:
PCI Severity Level: 3 (High)
CVSS Score:
Category: Registry
Description: By default, any low level user can bypass the security of the local NT system and install a trojan printer driver.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
CVE:
- CVE-1999-0534 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0534) - A Windows NT user has inappropriate rights or privileges, e.g. Act as System, Add Workstation, Backup, Change System Time, Create Pagefile, Create Permanent Object, Create Token Name, Debug, Generate Security Audit, Increase Priority, Increase Quota, Load Driver, Lock Memory, Profile Single Process, Remote Shutdown, Replace Process Token, Restore, System Environment, Take Ownership, or Unsolicited Input.
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

Shutdown without Logon
Audit ID: 192
Vul ID:
Risk Level: Medium
Sev Code:
PCI Severity Level: 2 (Medium)
CVSS Score:
Category: Windows
Description: By default Windows NT will allow anyone local to the console (meaning with physical access) to shutdown the server. It is recommended that you only allow logged in users to shutdown a server.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
CVE:
- CVE-1999-0593 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0593) - A user is allowed to shut down a Windows NT system without logging in.
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

Windows System Events Logs Overwritten
Audit ID: 2056
Vul ID:
Risk Level: Medium
Sev Code:
PCI Severity Level: 1 (Low)
CVSS Score:
Category: Miscellaneous
Description: Retina has detected that the system allows System Event logs to be overwritten when the logs are full.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
- Microsoft Homepage (http://www.microsoft.com)
CVE:
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

Allocate floppies
Audit ID: 167
Vul ID:
Risk Level: Low
Sev Code:
PCI Severity Level: 3 (High)
CVSS Score:
Category: Registry
Description: The allocation of the floppy drive should be restricted to only the currently logged in user. If an attacker has the ability to place a disk in your drive this registry fix will help to make sure they are not able to execute a malicious program from the floppy.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
CVE:
- CVE-1999-0594 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0594) - A Windows NT system does not restrict access to removable media drives such as a floppy disk drive or CDROM drive.
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

Audit Backup and Restore
Audit ID: 890
Vul ID:
Risk Level: Low
Sev Code:
PCI Severity Level: 3 (High)
CVSS Score:
Category: Miscellaneous
Description: Unauthorized users that can restore or backup files to a new directory, can compromise those files. Enable auditing of backups and restores for maximum security systems.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
CVE:
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

Cannot Change Password
Audit ID: 7
Vul ID:
Risk Level: Low
Sev Code:
PCI Severity Level: 2 (Medium)
CVSS Score:
Category: Accounts
Description: It is recommended that a machine be set up so that a user has the ability to change their password; otherwise password changes will occur less frequently. However, if this account is one that is used by a system service the ability to change passwords is not something that is required. Note, Linux/Unix based systems running Samba are also affected by this notification.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
CVE:
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:
- ASPNET
- LNSS_MONITOR_USR

CD Auto Run
Audit ID: 172
Vul ID:
Risk Level: Low
Sev Code:
PCI Severity Level: 3 (High)
CVSS Score:
Category: Registry
Description: When Auto Run is enabled, CDROMs that are inserted into the CDROM drive are automatically run.
When a computer is in the reach of being physically accessed, having a CDROM automatically run can lead to virus's and even trojan horses being loaded onto your system.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
CVE:
- CVE-2000-0155 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0155) - When Auto Run is enabled, CDROMs that are inserted into the CDROM drive are automatically run. When a computer is in the reach of being physically accessed, having a CDROM automatically run can lead to virus's and even trojan horses being loaded onto your system.
IAV:
BugtraqID:
- 993 (http://www.securityfocus.com/bid/993) - Microsoft Windows autorun.inf Vulnerability
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

Forced Logoffs Disabled
Audit ID: 2116
Vul ID:
Risk Level: Low
Sev Code:
PCI Severity Level:
CVSS Score:
Category: Accounts
Description: Retina has detected that network logoff times are not enforced on the scanned system. Even if a user has specific times at which he or she is not allowed to be logged on, any network connections already open on the system will persist indefinitely.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
- MSKB Article 263006: Conflicts with Windows 95/98 and NT 4.0 (http://support.microsoft.com/default.aspx?scid=kb;EN-US;263006)
CVE:
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

ICMP Timestamp Request
Audit ID: 3688
Vul ID:
Risk Level: Low
Sev Code:
PCI Severity Level: 1 (Low)
CVSS Score:
Category: IP Services
Description: ICMP Timestamp request is allowed from arbitrary hosts.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
CVE:
- CVE-1999-0524 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0524) - ICMP information such as netmask and timestamp is allowed from arbitrary hosts.
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

Last Username
Audit ID: 9
Vul ID:
Risk Level: Low
Sev Code:
PCI Severity Level: 5 (Urgent)
CVSS Score:
Category: Accounts
Description: By default Windows NT will display the last user to log on to the server. This gives an attacker a starting point to try to crack the password of the account last shown and therefore create a window into your network.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
CVE:
- CVE-1999-0592 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0592) - The Logon box of a Windows NT system displays the name of the last user who logged in.
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

Microsoft Windows Computer Browser Enabled - FDCC
Audit ID: 6608
Vul ID:
Risk Level: Low
Sev Code:
PCI Severity Level: 1 (Low)
CVSS Score:
Category: Windows
Description: The computer browser service has not been disabled. Federal Desktop Core Configuration (FDCC) compliance requires the computer browser service to be disabled.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
CVE:
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

Microsoft Windows LAN Manager Authentication Level
Audit ID: 6878
Vul ID:
Risk Level: Low
Sev Code:
PCI Severity Level: 1 (Low)
CVSS Score:
Category: Windows
Description: The LAN Manager challenge/response authentication protocol is improperly set.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
CVE:
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

Min Password Age
Audit ID: 11
Vul ID:
Risk Level: Low
Sev Code:
PCI Severity Level: 5 (Urgent)
CVSS Score:
Category: Accounts
Description: The minimum password age is the least amount of days before a user can change their password again. If there is no minimum password age set user passwords can be changed too often and users could begin to forget passwords or start reusing old passwords. Note: Linux/Unix based systems running Samba are also affected by this notification.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
CVE:
- CVE-1999-0535 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0535) - A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness.
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

Password Does Not Expire
Audit ID: 13
Vul ID:
Risk Level: Low
Sev Code:
PCI Severity Level: 5 (Urgent)
CVSS Score:
Category: Accounts
Description: If a users password does not expire you allow a remote attacker endless amount of time to try to figure out your users password. It is recommended that you make all users passwords expire unless the user account is used for a system service. Note, Linux/Unix based systems running Samba are also affected by this notification.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
CVE:
- CVE-1999-0535 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0535) - A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness.
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:
- Admin
- ASPNET
- LNSS_MONITOR_USR

Password History
Audit ID: 14
Vul ID:
Risk Level: Low
Sev Code:
PCI Severity Level: 5 (Urgent)
CVSS Score:
Category: Accounts
Description: Password History is the number of passwords Windows NT will remember so that users cannot use the same password twice. It is recommended that you set the history length to 24. Note: Linux/Unix based systems running Samba are also affected by this notification.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
CVE:
- CVE-1999-0535 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0535) - A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness.
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

Scheduler Service Potential Security Hazard
Audit ID: 899
Vul ID:
Risk Level: Low
Sev Code:
PCI Severity Level: 3 (High)
CVSS Score:
Category: Registry
Description: If you do not use the Task scheduler you should disable the service. The task scheduler is often used in malicious hacking attacks to run trojan code. It has also been used in the past to elevate local privileges.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
CVE:
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

Windows Application Events Logs Overwritten
Audit ID: 2104
Vul ID:
Risk Level: Low
Sev Code:
PCI Severity Level: 1 (Low)
CVSS Score:
Category: Miscellaneous
Description: Retina has detected that the system allows Application Event logs to be overwritten when the logs are full.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
- Microsoft TechNet: Event Log security tips (http://www.microsoft.com/technet/Security/topics/hardsys/tcg/tcgch06.mspx)
CVE:
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

Windows Legal Notice Caption Not Enabled
Audit ID: 2053
Vul ID:
Risk Level: Low
Sev Code:
PCI Severity Level: 1 (Low)
CVSS Score:
Category: Miscellaneous
Description: Retina has detected that the legal notice caption is not enabled on this machine.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
- Legal Notices (http://windows.stanford.edu/docs/legalnotice.html)
CVE:
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

Windows Security Events Logs Overwritten
Audit ID: 2103
Vul ID:
Risk Level: Low
Sev Code:
PCI Severity Level: 1 (Low)
CVSS Score:
Category: Miscellaneous
Description: Retina has detected that the system allows Security Event logs to be overwritten when the logs are full.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
CVE:
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

DCOM Enabled
Audit ID: 5853
Vul ID:
Risk Level: Information
Sev Code:
PCI Severity Level: 1 (Low)
CVSS Score:
Category: RPC Services
Description: DCOM (Distributed Component Object Model) has been detected on the target system. Although a patched system is not necessarily vulnerable, DCOM is historically known to have many security holes. It is recommended that DCOM be disabled if not required for normal operation of the machine.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
CVE:
- CVE-1999-0658 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0658) - DCOM is running.
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

ISAKMP Server detected
Audit ID: 1428
Vul ID:
Risk Level: Information
Sev Code:
PCI Severity Level: 1 (Low)
CVSS Score:
Category: IP Services
Description: Retina has found an ISAKMP service running on the scanned host. This check is simply to provide information on what is active within the network.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
CVE:
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:
- UDP:500

Microsoft Update Not Installed
Audit ID: 3009
Vul ID:
Risk Level: Information
Sev Code:
PCI Severity Level: 2 (Medium)
CVSS Score:
Category: Windows
Description: Microsoft Update is not found on this system.
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links:
- Microsoft Update Homepage (http://update.microsoft.com/microsoftupdate)
CVE:
IAV:
BugtraqID:
STIG:
Total Machines Affected: 1 (100,0% of Total Scanned)
Affected Machines:
Affected Items:

Microsoft Windows - Digitally Sign Communications (always)
Audit ID: 6606
Vul ID:
Risk Level: Information
Sev Code:
PCI Severity Level: 1 (Low)
CVSS Score:
Category: Windows
Description: Determines if the system always requires the communications to be signed by the Server Message Block (SMB) Server. (Note: This ensures interoperability between Legacy Windows NT 4.0 systems.)
How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links: CVE: IAV: BugtraqID: STIG: Total Machines Affected: 1 (100,0% of Total Scanned) Affected Machines: Affected Items: Microsoft Windows Automatic MTU Size Detection Audit ID: 6790 Vul ID: Risk Level: Information Sev Code: PCI Severity Level: 1 (Low) CVSS Score: Category: Windows Description: Automatic detection of the MTU size is not enabled. When this setting is enabled, the TCP stack tries to automatically discover the Maximum Transmission Unit (MTU or the largest packet size) over the path to a remote host. By discovering the Path MTU and limiting TCP segments to this size, TCP can eliminate fragmentation at routers along the path that connect networks with different MTUs. How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina. Related Links: CVE: IAV: BugtraqID: STIG: Total Machines Affected: 1 (100,0% of Total Scanned) Affected Machines: Affected Items: Microsoft Windows Malicious Software Removal Tool Audit ID: 2729 Vul ID: Risk Level: Information Sev Code: PCI Severity Level: 1 (Low) CVSS Score: Category: Miscellaneous Description: Retina has found that the Microsoft Malicious Software Removal Tools is either not installed, and/or is not up-to-date with the latest definitions. The Microsoft Malicious Software Removal tool checks systems running Windows XP, Windows 2000 and Windows 2003 for malicious software. How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links: 891716 (http://support.microsoft.com/kb/891716) Microsoft Windows Malicious Software Removal Tool (http://www.microsoft.com/security/malwareremove/default.mspx#run) CVE: IAV: BugtraqID: STIG: Total Machines Affected: 1 (100,0% of Total Scanned) Affected Machines: Affected Items: Microsoft Windows mshta.exe ACL Audit ID: 6416 Vul ID: Risk Level: Information Sev Code: PCI Severity Level: 1 (Low) CVSS Score: Category: Windows Description: The ACL for mshta.exe is improperly configured. How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina. Related Links: CVE: IAV: BugtraqID: STIG: Total Machines Affected: 1 (100,0% of Total Scanned) Affected Machines: Affected Items: Microsoft Windows sc.exe ACL Audit ID: 6415 Vul ID: Risk Level: Information Sev Code: PCI Severity Level: 1 (Low) CVSS Score: Category: Windows Description: The ACL for sc.exe is improperly configured. How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina. Related Links: CVE: IAV: BugtraqID: STIG: Total Machines Affected: 1 (100,0% of Total Scanned) Affected Machines: Affected Items: Service Control - Background Intelligent Transfer Service Audit ID: 5340 Vul ID: Risk Level: Information Sev Code: PCI Severity Level: 1 (Low) CVSS Score: Category: Service Control Description: This check verifies that the startup type for the Background Intelligent Transfer Service service is properly configured to be Manual. How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina. 
Related Links: CVE: IAV: BugtraqID: STIG: Total Machines Affected: 1 (100,0% of Total Scanned) Affected Machines: Affected Items: Service Control - Error Reporting Service Audit ID: 5354 Vul ID: Risk Level: Information Sev Code: PCI Severity Level: 1 (Low) CVSS Score: Category: Service Control Description: This check verifies that the startup type for the Error Reporting Service service is properly configured to be Disabled. How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina. Related Links: CVE: IAV: BugtraqID: STIG: Total Machines Affected: 1 (100,0% of Total Scanned) Affected Machines: Affected Items: Service Control - Remote Access Connection Manager Audit ID: 5400 Vul ID: Risk Level: Information Sev Code: PCI Severity Level: 1 (Low) CVSS Score: Category: Service Control Description: This check verifies that the startup type for the Remote Access Connection Manager service is properly configured to be Disabled. How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina. Related Links: CVE: IAV: BugtraqID: STIG: Total Machines Affected: 1 (100,0% of Total Scanned) Affected Machines: Affected Items: Service Control - Universal Plug and Play Device Host Audit ID: 5437 Vul ID: Risk Level: Information Sev Code: PCI Severity Level: 1 (Low) CVSS Score: Category: Service Control Description: This check verifies that the startup type for the Universal Plug and Play Device Host service is properly configured to be Disabled. How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links: CVE: IAV: BugtraqID: STIG: Total Machines Affected: 1 (100,0% of Total Scanned) Affected Machines: Affected Items: Service Control - WebClient Audit ID: 5443 Vul ID: Risk Level: Information Sev Code: PCI Severity Level: 1 (Low) CVSS Score: Category: Service Control Description: This check verifies that the startup type for the WebClient service is properly configured to be Disabled. How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina. Related Links: CVE: IAV: BugtraqID: STIG: Total Machines Affected: 1 (100,0% of Total Scanned) Affected Machines: Affected Items: Service Control - Wireless Zero Configuration Audit ID: 5454 Vul ID: Risk Level: Information Sev Code: PCI Severity Level: 1 (Low) CVSS Score: Category: Service Control Description: This check verifies that the startup type for the Wireless Configuration service is properly configured to be Disabled. How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina. Related Links: CVE: IAV: BugtraqID: STIG: Total Machines Affected: 1 (100,0% of Total Scanned) Affected Machines: Affected Items: Skype P2P Client Installed Audit ID: 2749 Vul ID: Risk Level: Information Sev Code: PCI Severity Level: 2 (Medium) CVSS Score: Category: Peer-To-Peer Description: Retina has found that the Skype P2P client file sharing software is installed. How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina. Related Links: Skype Homepage (http://www.skype.com) CVE: IAV: BugtraqID: STIG: Total Machines Affected: 1 (100,0% of Total Scanned) Affected Machines: Affected Items: User Never Logged On Audit ID: 18 Vul ID: Risk Level: Information Sev Code: PCI Severity Level: 2 (Medium) CVSS Score: Category: Windows Description: It is suggested that you review this user account.
If it is not needed or was not created by an administrator of your network, it is suggested that you disable or delete it. How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina. Related Links: CVE: IAV: BugtraqID: STIG: Total Machines Affected: 1 (100,0% of Total Scanned) Affected Machines: Affected Items: - ASPNET - LNSS_MONITOR_USR Verify Microsoft Windows Anonymous SID/Name Translation Audit ID: 6798 Vul ID: Risk Level: Information Sev Code: PCI Severity Level: 1 (Low) CVSS Score: Category: Windows Description: This is an informational check. Manually check to ensure that Anonymous SID/Name Translation is disabled. How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina. Related Links: CVE: IAV: BugtraqID: STIG: Total Machines Affected: 1 (100,0% of Total Scanned) Affected Machines: Affected Items: Verify Microsoft Windows Default IPSec Exemptions - FDCC Audit ID: 6827 Vul ID: Risk Level: Information Sev Code: PCI Severity Level: 1 (Low) CVSS Score: Category: Windows Description: This is an informational check. Manually check to ensure that default IPSec exemptions are defined per company security policy. How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina. Related Links: CVE: IAV: BugtraqID: STIG: Total Machines Affected: 1 (100,0% of Total Scanned) Affected Machines: Affected Items: Verify Microsoft Windows Event Retention Method - FDCC - Application Audit ID: 6824 Vul ID: Risk Level: Information Sev Code: PCI Severity Level: 1 (Low) CVSS Score: Category: Windows Description: This is an informational check. Manually check to ensure that an event retention method is defined per company security policy. How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina. 
Related Links: CVE: IAV: BugtraqID: STIG: Total Machines Affected: 1 (100,0% of Total Scanned) Affected Machines: Affected Items: Verify Microsoft Windows Event Retention Method - FDCC - Security Audit ID: 6825 Vul ID: Risk Level: Information Sev Code: PCI Severity Level: 1 (Low) CVSS Score: Category: Windows Description: This is an informational check. Manually check to ensure that an event retention method is defined per company security policy. How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina. Related Links: CVE: IAV: BugtraqID: STIG: Total Machines Affected: 1 (100,0% of Total Scanned) Affected Machines: Affected Items: Verify Microsoft Windows Event Retention Method - FDCC - System Audit ID: 6826 Vul ID: Risk Level: Information Sev Code: PCI Severity Level: 1 (Low) CVSS Score: Category: Windows Description: This is an informational check. Manually check to ensure that an event retention method is defined per company security policy. How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina. Related Links: CVE: IAV: BugtraqID: STIG: Total Machines Affected: 1 (100,0% of Total Scanned) Affected Machines: Affected Items: Verify Microsoft Windows Hidden Computer Name - FDCC Audit ID: 6823 Vul ID: Risk Level: Information Sev Code: PCI Severity Level: 1 (Low) CVSS Score: Category: Windows Description: This is an informational check. Manually check to ensure that the "Hide computer from the browse list" setting is defined per company security policy. How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina. 
Related Links: CVE: IAV: BugtraqID: STIG: Total Machines Affected: 1 (100,0% of Total Scanned) Affected Machines: Affected Items: Verify Microsoft Windows LDAP Server Signing Requirements - FDCC Audit ID: 6836 Vul ID: Risk Level: Information Sev Code: PCI Severity Level: 1 (Low) CVSS Score: Category: Windows Description: This is an informational check. Manually check to ensure that LDAP server signing requirements are defined per company security policy. How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina. Related Links: CVE: IAV: BugtraqID: STIG: Total Machines Affected: 1 (100,0% of Total Scanned) Affected Machines: Affected Items: Verify Microsoft Windows Password Complexity Audit ID: 6799 Vul ID: Risk Level: Information Sev Code: PCI Severity Level: 1 (Low) CVSS Score: Category: Windows Description: This is an informational check. Manually check to ensure that password complexity requirements are enforced. How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina. Related Links: CVE: IAV: BugtraqID: STIG: Total Machines Affected: 1 (100,0% of Total Scanned) Affected Machines: Affected Items: Verify Microsoft Windows Refuse Account Password Changes - FDCC Audit ID: 6837 Vul ID: Risk Level: Information Sev Code: PCI Severity Level: 1 (Low) CVSS Score: Category: Windows Description: This is an informational check. Manually check to ensure that the security option for changing machine account passwords is defined per company security policy. How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina. 
Related Links: CVE: IAV: BugtraqID: STIG: Total Machines Affected: 1 (100,0% of Total Scanned) Affected Machines: Affected Items: Verify Microsoft Windows SDDL DCOM Access Restrictions - FDCC Audit ID: 6833 Vul ID: Risk Level: Information Sev Code: PCI Severity Level: 1 (Low) CVSS Score: Category: Windows Description: This is an informational check. Manually check to ensure that Security Descriptor Definition Language (SDDL) DCOM access restrictions are defined per company security policy. How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina. Related Links: CVE: IAV: BugtraqID: STIG: Total Machines Affected: 1 (100,0% of Total Scanned) Affected Machines: Affected Items: Verify Microsoft Windows SDDL DCOM Launch Restrictions - FDCC Audit ID: 6834 Vul ID: Risk Level: Information Sev Code: PCI Severity Level: 1 (Low) CVSS Score: Category: Windows Description: This is an informational check. Manually check to ensure that Security Descriptor Definition Language (SDDL) DCOM launch restrictions are defined per company security policy. How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina. Related Links: CVE: IAV: BugtraqID: STIG: Total Machines Affected: 1 (100,0% of Total Scanned) Affected Machines: Affected Items: Verify Microsoft Windows Server Operating Task Scheduling - FDCC Audit ID: 6835 Vul ID: Risk Level: Information Sev Code: PCI Severity Level: 1 (Low) CVSS Score: Category: Windows Description: This is an informational check. Manually check to ensure that server operator task scheduling is defined per company security policy. How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina. 
Related Links: CVE: IAV: BugtraqID: STIG: Total Machines Affected: 1 (100,0% of Total Scanned) Affected Machines: Affected Items: Verify Microsoft Windows Smart Card Logon - FDCC Audit ID: 6838 Vul ID: Risk Level: Information Sev Code: PCI Severity Level: 1 (Low) CVSS Score: Category: Windows Description: This is an informational check. Manually check to ensure that smart card logons are defined per company security policy. How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina. Related Links: CVE: IAV: BugtraqID: STIG: Total Machines Affected: 1 (100,0% of Total Scanned) Affected Machines: Affected Items: VPN Server Audit ID: 1054 Vul ID: Risk Level: Information Sev Code: PCI Severity Level: 1 (Low) CVSS Score: Category: IP Services Description: Retina has found a VPN server installed on your network. This check is simply to provide you with information on what is active within your network. How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina. Related Links: CVE: IAV: BugtraqID: STIG: Total Machines Affected: 1 (100,0% of Total Scanned) Affected Machines: Affected Items: - TCP:1723 Windows Legal Notice Text Not Enabled Audit ID: 6421 Vul ID: Risk Level: Information Sev Code: PCI Severity Level: 1 (Low) CVSS Score: Category: Miscellaneous Description: Retina has detected that the legal notice text is not enabled on this machine. How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina.
Related Links: Legal Notices (http://windows.stanford.edu/docs/legalnotice.html) CVE: IAV: BugtraqID: STIG: Total Machines Affected: 1 (100,0% of Total Scanned) Affected Machines: Affected Items: Windows USB Storage Device Interface Enabled Audit ID: 1834 Vul ID: Risk Level: Information Sev Code: PCI Severity Level: 2 (Medium) CVSS Score: Category: Miscellaneous Description: Retina has detected that the USB storage interface is enabled on the targeted host. By having the USB interface enabled, this potentially allows for users to copy files onto a USB key or hard drive to take company data home. How To Fix: For information on how to protect against this vulnerability, upgrade to the full version of Retina. Related Links: Disable the Use of USB Storage Devices (http://support.microsoft.com/default.aspx?scid=kb;en-us;823732) CVE: IAV: BugtraqID: STIG: Total Machines Affected: 1 (100,0% of Total Scanned) Affected Machines: Affected Items: Notes: