Archive for: Vulnerabilities

How to Easily Audit and Protect your Entire Network using GFI LANGuard

GFI LANGuard offers an entire set of tools to audit, evaluate and remediate your network within just a few steps. With this suite you can complete full assessments in your organization about software and operating system vulnerabilities, security baselines and also provides you with the necessary instruments to solve them.

Some of the most important features in GFI LANGuard:

• Powerful network scanning options without the need to deploy agents.
• Reviews and controls vulnerabilities, updates/service packs status (for operating systems and applications), TCP and UDP ports open, and hardware and software inventory.
• Remediation options for deploying updates and service packs.
• Deploy applications in client machines and the possibility for removing unauthorized software.
• Detect and deploy non-Microsoft software to protect the entire operating system.
• Supports UNIX/Linux machines.

Installing and configuring GFI LANGuard can be executed in simple steps since the product was made to facilitate the complex work usually represents audit and remediate your network from vulnerabilities.

To review detailed step-by-step procedures check this link. Here are some of the basic steps:

1. Download GFI LANGuard.

2. Review GFI LANGuard system requirements.

3. Install GFI LANGuard with the simple wizard.

4. Once the product is installed, we can easily run the “Scan” option that will retrieve all the necessary information from our network and as we said, agentless.

a. We can select several types of scan: Quick, Full, Custom or Scheduled.

5. With the scan is complete, we’ll receive a full report about all vulnerabilities found in all OS in our network.

6. In the “Remediate” pane we have all the necessary options to solve the vulnerabilities found. Here we can execute immediate actions in clients like:

a.      Install/Uninstall Microsoft patches.

b.      Install/Uninstall non-Microsoft patches.

c.      Deploy custom software.

d.      Uninstall software.

Here are some valuable links about GFI LANGuard:

• Reviewing GFI LANGuard
• GFI LANGuard system requirements.
• [PDF] GFI LANGuard Getting Started Guide.
• [PDF] GFI LANGuard Manual.
• [PDF] GFI LANGuard Scripting Manual.

Windows 7: Exploit Causes BSoD

Well I guess the timing couldn’t be more perfect, Microsoft released for partners a month ago Windows 7 and will be released to public n October 22; and we have already a big exploit going around.

A report said that vulnerability was found using the Server Message Block 2.0 protocol (SMB2) that causes the one and only BSoD (Blue Screen of Death). That includes not only all Windows 7 versions (32 and 64 bits included), but Windows Vista and Windows Server 2008; since all of these operating systems are using the same protocol.

Picture taken from a Nine Inch Nails Concert

On the good side, since the protocol it is commonly used only in LAN networks, the attacker should be in the same network segment as you. The funny thing is that this same exploit appeared in Windows 2000 and Windows XP, and Microsoft released of course an update to solve this security hole.

Even though Microsoft it is informed about this issue, there is no patch available to solve this inconvenient. Here’s a quick description about the exploit:

“SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE PROTOCOL REQUEST functionality. The NEGOTIATE PROTOCOL REQUEST is the first SMB query a client send to a SMB server, and it’s used to identify the SMB dialect that will be used for further communication.

An attacker can remotely crash without no user interaction, any Vista/Windows 7 machine with SMB enable. Windows Xp, 2k, are NOT affected as they don’t have this driver.”

And how can I disable SMB? Access the TCP/IP properties from your network adapter and uncheck the “File and Printer Sharing for Microsoft Networks”.