Beating Control Scan – Fixing PCI Vulnerabilities

 

Control Scan AKA “PCI ASSURE” is a PCI Scanner used by many Ecommerce Sites. Unfortunately, their scanner can see if it’s a 2003 server; however it’s unable to actually test for these vulnerabilities. That said, here is a common list for a 2003 Web Server and the associated fixes.

 

Possible Microsoft IIS ASP Upload Command Execution Vulnerability

Risk: High (3)
Port: 443/tcp
Protocol: tcp
Threat ID: web_server_iis_aspbo

Details: ASP Upload Command Execution vulnerability

Solution

screenshot showing KB2124261

Run the following from a command prompt and get a screenshot to send in with your dispute.

wmic qfe | find "2124261"

wmic qfe | find "2124261"

VNC VNCLog Buffer Overflow

Risk: High (3)
Port: 5900/tcp
Protocol: TCP
Threat ID: misc_vncbo

Details: VNCLog and Log Buffer Overflows

Solution

I actually use UVNC, so clicking on the UVNC icon then “about…” will display the current version. Send a screen shot with your dispute showing that the server is on a version newer than 1.0.1

About_UVNC

Possible vulnerability in Microsoft Terminal Server

Risk: High (3)
Port: 3389/tcp
Protocol: TCP
Threat ID: misc_msterminal

Details: RDP Denial of Service

http://support.microsoft.com/kb/899591

Solution

This issue is rolled up into Windows 2003 SP2

Right click “My Computer”, go to properties and get a screenshot showing the service pack. Send this to Control Scan to dispute the threat.

2003ServicePack

Solution B

You should also enable RDP over SSL with the following steps.

Start / Administrative Tools / Terminal Services Configuration

Enable_RDP_Over_SSL.png

Right Click on RDP-TCP and choose Properties
Once Properties Pop Up choose the following
Encryption Level High
Select the Certificate
SSL Security Layer

Enable_RDP_Over_SSL-001.png

Microsoft Internet Information Services FTP Server Remote Buffer Overflow

THREAT REFERENCE

Summary:
Microsoft Internet Information Services FTP Server Remote Buffer Overflow

Risk: High (3)
Port: 80/tcp
Protocol: tcp
Threat ID: win_patch_iisftpbo

Details: FTP Server Remote Buffer Overflow

Solution

http://support.microsoft.com/kb/975254

Run the following from a command prompt and get a screenshot to send in with your dispute.

wmic qfe | find "975254"

wmic qfe | find "975254"

Possible Microsoft IIS ASP Remote Code Execution vulnerability

THREAT REFERENCE

Summary:
Possible Microsoft IIS ASP Remote Code Execution vulnerability

Risk: High (3)
Port: 443/tcp
Protocol: tcp
Threat ID: web_server_iis_asp

Details: ASP Remote Code Execution vulnerability

Solution

http://technet.microsoft.com/en-us/security/bulletin/ms06-034

In other words, this is part of 2003 Service pack 1. Send the screenshot from earlier stating the Service Pack is installed.