Video Screencast Help
Security Community Blog

Sleuthing Out Microsoft Vulnerabilities with SecurityExpressions

Created: 27 Mar 2007 • Updated: 07 May 2007 • 4 comments
erikw's picture
0 0 Votes
Login to vote

Did you know that in SecurityExpressions there is a rule that scans for all known Microsoft vulnerabilities? Needless to say, functionality like this can help make your network more robust (and your job more secure).

The tool can be placed as a rule in the self-audit section of the SecurityExpressions server.

After creating the rule, you can go to the self-audit Web page on the server.

The tool has a pre-configured rule that automatically checks for all last known vulnerabilities.

After going to the self-audit page, there is an active X component is downloaded to your machine, and the tool does its checking.

The check creates a list of vulnerabilities on the PC in question. You can click the failures it lists and see solutions to your specific vulnerability problems.

SecurityExpressions is a good stable product that gives you lots of scanning possibilities to help you develop a secure environment.

regards
Erik
www.svs4u.nl

Comments 4 CommentsJump to latest comment

trb48's picture

This is a really cool tip, thanks for the update!

How often is SecurityExpressions updated (i.e. monthly, yearly?) That really determines the usefulness to me.

Thanks,

-trb48

+2
Login to vote
erikw's picture

I'm not sure how often it is updated. The rules that I use can be found on the Altiris website. That is available by the Security Expressions configuration.

I really love it.

It is a great tool.

regards
erik

Regards Erik www.DinamiQs.com Dinamiqs is the home of VirtualStorm (www.virtualstorm.org)

*************************************************************
If your issue has been solved, Please mark it as solved
***********

+2
Login to vote
Kevin's picture

Since SecurityExpressions loads an ActiveX control to perform this audit I bet the vulnerability checks come from Microsoft.

So (just guessing here) it would appear that the checks would always be accurate regardless of how often SecurityExpressions is updated.

Can any of you SecurityExpressions gurus fill in the blanks for us?

+2
Login to vote
erikw's picture

No, The rules are not coming from Microsoft.

The results are not always ok. Most scans I did are definitely not ok.

Yes, I am not a real Microsoft lover, but because of the problems they cause with their 'very good' software (did you notice the quotation marks) I and many of us on the Juice have a good job, and enjoy rebuilding MS apps and OS.

regards
erik

Regards Erik www.DinamiQs.com Dinamiqs is the home of VirtualStorm (www.virtualstorm.org)

*************************************************************
If your issue has been solved, Please mark it as solved
***********

0
Login to vote