The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Highlights of the release include new checks for 10 vulnerabilities and extensions of public key-length checks to include the issuer certificate chain.
New Vulnerability Test Highlights
- Vulnerability in Schannel Could Allow Remote Code Execution (MS14-066, CVE-2014-6321)
- Vulnerability in XML Core Services Could Allow Remote Code Execution (MS14-067, CVE-2014-4118)
- Vulnerability in Kerberos Could Allow Elevation of Privilege (MS14-068, CVE-2014-6324)
- Vulnerability in TCP/IP Could Allow Elevation of Privilege (MS14-070, CVE-2014-4076)
- Vulnerability in Windows Audio Service Could Allow Elevation of Privilege (MS14-071, CVE-2014-6322)
- Vulnerability in Remote Desktop Protocol Could Allow Security Feature Bypass (MS14-074, CVE-2014-6318)
- Vulnerability in Internet Information Services (IIS) Could Allow Security Feature Bypass (MS14-076, CVE-2014-4078)
- Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (MS14-077, CVE-2014-6331)
- Vulnerability in IME (Japanese) Could Allow Elevation of Privilege (MS14-078, CVE-2014-4077)
- Vulnerability in Kernel-Mode Driver Could Allow Denial of Service (MS14-079, CVE-2014-6317)
How to Update?
All Trustwave customers using the TrustKeeper scan engine receive the updates automatically as soon as an update is available. No action is required.