Patch Management Solution

 View Only

  • 1.  MS17-010 for Windows SMB Server?

    Posted Apr 18, 2017 07:39 PM

    One of my security guys is saying that their Nessus scan is detecting quite a few desktops that don't have MS17-010.  However, my SMC (8.0) indicates this bulletin isn't applicable to any of our Windows workstations and we don't use Altiris to manage servers.  I'm not sure whether my console or Nessus is giving incorrect results where the applicability of MS17-010 is concerned in our environment.  Yes...I did deploy it a while ago but, again, show 0 targeted computers.  Would appreciate any comments on this issue.  Thanks in advance!



  • 2.  RE: MS17-010 for Windows SMB Server?

    Trusted Advisor
    Posted Apr 19, 2017 04:15 AM

    Hi Clint,

    Have you tried installing MS17-010 on a machine that Nessus has deemed it is required for? 

    If it installs fine, then the machine needed it and you can contact Symantec Support and raise it as a bug.
    If it doesn't install, then you can probably assume that Nessus is incorrect and you could contact their support to find out why. 

    Thanks



  • 3.  RE: MS17-010 for Windows SMB Server?

    Posted Apr 19, 2017 05:00 AM

    Just what I was going to suggest.

    Our security team use the Qualys tool, the report from that ususally shows what file and/or registry key it's looked at to determine if te vulnerability exists, does Nessus do the same?



  • 4.  RE: MS17-010 for Windows SMB Server?

    Posted Apr 27, 2017 03:14 PM

    Unfortunately MS17-010 may not be the only problem in my environment.  I discovered that the Windows System Assessment Scan wasn't running on a whole bunch of workstations due to the lack of new hardened certs.  The following tech article outlines the fix I implemented although, at least for me, I had to explicitly specify the target location for the SHA2 cert as taking the Automatic option has it going to who knows where.

    https://support.symantec.com/en_US/article.TECH239756.html



  • 5.  RE: MS17-010 for Windows SMB Server?

    Trusted Advisor
    Posted Apr 28, 2017 04:30 AM

    Hi Clint,

    I had quite a few customers which experienced this issue also.

    I spoke to Symantec about this at the time as it was before the tech article was created and they suggested that we added the certs to the Notification Server Communication Profile. We tested this and it worked well for all customers that were facing this issue. 

    For info, it can be found by navigating to:
    Settings > All Settings
    Expand Settings, Agents/Plug-ins, Symantec Management Agent, Symantec Management Agent Communication profiles
    Click on your NS which is listed in this folder, and add the certificates to this by clicking edit against the option "SSL certificates are defined for current profile."

    This works regardless if you customer is using HTTPS or HTTP to communicate to the NS. 


    Have you got any further questions on this?

    Thanks