Solved

PCI Scan- Microsoft Security Bulletin MS10-040 and KB982666

Posted on 2014-03-17
Last Modified: 2014-04-24
I just received a failure on our PCI scan, and one of the failures was for KB982666. We have SBS 2011 Standard 64-bit SP1, and the WSUS server shows that I do not need that security update. But if you read the bulletin, it says I don't and that I do.

"Is my computer vulnerable if I have not installed KB973917?
Systems running supported editions of Windows Server 2003, Windows Vista, and Windows Server 2008 that do not have KB973917 installed are not vulnerable. Systems running supported editions of Windows 7 and Windows Server 2008 R2 are vulnerable."

And actually there were 4 security bulletins that were given for the failure, and for all the KB security updates in them, our server shows they are not needed. I am not sure if I should be downloading these manually and installing them. Any suggestions?
Question by:gseales
1 Comment
 
LVL 65

Accepted Solution

by:
btan earned 1500 total points
ID: 39936077
The scanner is probably just doing diligence to check on the latest and the completeness of the various OS security patches applied compared to your target server. Not all scan findings can be true positives, hence the need to make the assessment on the relevance and impacts of the findings. In this KB, it applies to IIS, and if the server doesn't even have IIS then it is not relevant at all.

Having said that, the point is trust but verify. In this KB, it is supposed to have the extended protection enabled, which is supposed to enhance the IIS security. When MS says that it is not applicable or not "affected", it is on the basis that this feature is disabled, hence not "affected". So if you look at the kb973917, you can verify from the registry if it is enabled or disabled - just to confirm. Then again, if this is disabled, it also means the server is subjected to other forms of attack, like man in the middle etc., which Extended Protection is supposed to prevent and protect against.

For other false positives, if deemed so, it is always best to verify again. But having passed the PCI scan does not ascertain that the state of the server is secure either. So it is still best to have the latest patch applied as well (my personal view).
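As an added example (not from the thread or from btan's answer), the following PowerShell performs the verification the answer describes on the SBS 2011 / Windows Server 2008 R2 box: it reads the Extended Protection registry value that KB973917 documents, checks whether the IIS role is even installed, and, if it is, reports the server-level Windows Authentication extended protection setting. It assumes the ServerManager and WebAdministration modules are available and that it is run from an elevated prompt; the value interpretation in the comments should be checked against KB973917 itself.

```powershell
# Added example, not code from the thread. Checks the points raised in the
# accepted answer: is Extended Protection for Authentication (EPA) suppressed,
# is IIS present at all, and what does IIS windowsAuthentication enforce?
# Assumes Windows Server 2008 R2 / SBS 2011, elevated PowerShell.

# 1. System-wide EPA switch documented in KB973917 (SuppressExtendedProtection
#    under the Lsa key). Absent or 0 means EPA is not suppressed; a non-zero
#    value means it has been turned off (see KB973917 for the exact meaning).
$lsaPath  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$lsa      = Get-ItemProperty -Path $lsaPath -ErrorAction SilentlyContinue
$suppress = $lsa.SuppressExtendedProtection
if ($null -eq $suppress -or $suppress -eq 0) {
    Write-Output 'SuppressExtendedProtection: not set or 0 (Extended Protection available)'
} else {
    Write-Output "SuppressExtendedProtection: $suppress (Extended Protection suppressed - review against KB973917)"
}

# 2. Is the IIS role installed? If not, the IIS-specific bulletin finding is a
#    false positive for this host, as the answer notes.
Import-Module ServerManager -ErrorAction SilentlyContinue
$iis = Get-WindowsFeature -Name Web-Server -ErrorAction SilentlyContinue
if (-not $iis -or -not $iis.Installed) {
    Write-Output 'IIS (Web-Server role) is not installed; the IIS-specific finding does not apply here.'
    return
}

# 3. IIS is present: read the server-level windowsAuthentication settings.
#    Get-WebConfigurationProperty returns either a plain value or an attribute
#    object with a .Value member depending on the attribute type, so normalise.
Import-Module WebAdministration -ErrorAction Stop
function Get-IisAttr([string]$Filter, [string]$Name) {
    $v = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Filter $Filter -Name $Name
    if ($null -ne $v -and $null -ne $v.Value) { return $v.Value } else { return $v }
}
$filter  = 'system.webServer/security/authentication/windowsAuthentication'
$enabled = Get-IisAttr $filter 'enabled'
$token   = Get-IisAttr "$filter/extendedProtection" 'tokenChecking'
Write-Output "IIS Windows Authentication enabled: $enabled"
# tokenChecking: Require = channel-binding token enforced, Allow = accepted if
# sent, None = not checked (the state in which the MS10-040 issue is a concern).
Write-Output "IIS extendedProtection tokenChecking: $token"
```

The three outputs together tell you whether the scanner's finding is relevant to this server (IIS present, EPA not suppressed, tokenChecking at None or Allow) or a false positive to document for the PCI assessor.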