AnsweredAssumed Answered

issues on Windows server 2012 R2

Question asked by Vladimir Cruz on Jun 5, 2015

Hi guys!

We launched an authenticated scan over a Windows Server 2012 R2. According to qualys’ report these are the issues:

  1. Enabled DCOM:

We found solutions on Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012. As I said, this is a Windows Server 2012 R2 (in fact, qualys has recognized it correctly) so, could we assume as a false positive? Are we missing something else?

  1. Internet Explorer SSL 3.0 Information Disclosure Vulnerability

Our Windows server administrator sent us Internet configuration and shows SSLv2 and v3 disabled. Do we have to do anything else?

  1. Insecure Microsoft Internet Explorer Intranet Zone User Setting Detected

Our Internet zone is setting to high. False positive?

  1. SSL/TLS use of weak RC4 cipher

As I said before, we have activated TLS 1.0 or later. Should we use only TLS 1.2? How cannot use  RC4?

I apologize if there are other issues of these vulnerabilities.

                Thanks in advanced

Outcomes