Vulnerability issues with few Servers
We have some vulnerability issues on a few of our VMs, which have Microsoft Windows Server installed. A few are as follows:

1. Information Gathering - Microsoft SQL Server UDP Query Remote Version Disclosure
2. LDAP NULL BASE Search Access
3. LDAP Server NULL Bind Connection Information Disclosure
4. Microsoft Windows SMB NULL Session Authentication Allowed on the server

I have a few more, which I can share if someone is ready to help me, please.

Regards, Sushil Tomer
August 3rd, 2011 8:35am

I hope you have a reproducible case and proof of vulnerability exploitation. If so, you can submit all your vulnerability discoveries to Microsoft Security Response Center (MSRC) at secure@microsoft.com. Let me know if I can be of any help. The details below would be helpful while filing the vulnerability incident:

- Type of issue (buffer overflow, SQL injection, cross-site scripting, for example).
- Product and version that contains the bug.
- Service packs, security updates, or other updates for the product you have installed.
- Any special configuration required to reproduce the issue.
- Step-by-step instructions to reproduce the issue on a fresh install.
- Proof-of-concept or exploit code.
- Impact of the issue, including how an attacker could exploit the issue.
August 3rd, 2011 10:42am

Hi, how did you detect the "Vulnerability issues" on your VMs? If you have Windows Update enabled and configured to be automatic within those VMs, it will get all the required updates. Best Regards, Vincent Hu
August 3rd, 2011 11:19am

Dear Vincent and Gonnala, they were detected by the Security Audit Team by running some VA tools on my Vblock-0 setup, and they found these issues, which need to be taken care of. I had mentioned only a few of them on the forum. I have a list of 12 issues in total in an Excel sheet. Please help: how can I share the Excel sheet on the forum to get the solution? Best Regards, Tomer
August 4th, 2011 1:11am

You don't have to share the issues on the forum. A better option is to email them to secure@microsoft.com. However, for that you need to ensure that the issue meets the definition of a security vulnerability and is not resolved by the 10 Immutable Laws of Security. An easier way of verifying that it's a new vulnerability with Microsoft products is to have your systems fully updated with security patches and run the VA tools again. In some cases, it would just turn out to be an incorrect configuration of your Windows infrastructure that's still resulting in the vulnerabilities. BTW, what's your Security Audit Team's recommendation on remediating the discovered issues?
August 4th, 2011 1:59am

Hi Govardhan, I have sent the sheet to Secure@microsoft.com and am waiting for their response now. Regards, Tomer
August 4th, 2011 3:24am

Hi, I have not got any response from Secure@microsoft.com yet. Please help me, as I have to provide the solution by today EOD. Regards, Tomer
August 4th, 2011 10:56pm

This topic is archived. No further replies will be accepted.
