Does anyone know if there is a fix out there for this QID? We suspected the July Windows Patches resolved it, but apparently that is not the case.
QID 91392 provides detection for Microsoft Windows NTFS 3.1 Master File Table DoS vulnerability, but the Qualys Vulnsigs Team has confirmed that there is currently no known fix for this issue. Proof of concept code: https://packetstormsecurity.com/files/143147/NTFS-3.1-Denial-Of-Service.html
QID 91393 Microsoft Windows Security Update July 2017
Includes CVE-2017-8587
I have seen this pop up inconsistently on enterprise Win7 systems. Just haven't had the time to dig into it yet.
We believe this issue was supposed to be resolved by the July Windows OS Updates. Can Qualys confirm this? What does the Qualys Scan check for when it runs the detection for QID 91392?
We pushed the identified patch, no change. Qualys' detection doesn't even state the correct CVE so this is likely getting no attention.
Does Qualys read these boards, or do we need to go through our Company contacts? Microsoft states this was fixed with the above CVE Bulletin released last month. Trying to find out what Qualys checks for and if they have a CVE they are looking against?
We're investigating this and will get back to you today.
Thank you Nicolaus. I've found the link above as well. I've tested the HTML exploit on a Win 7 machine, and did not experience the crash that it says will happen if exploited.
Can you tell us what Qualys scans for when it comes to this Vulnerability?
QID 91392 was created based on the exploit available on Packetstorm. Since there was no confirmation from the vendor, Microsoft, the QID only checked for supported operating systems: Windows 7, Windows 8 and Windows 8.1.
Thank you for providing the link to MSFT community. Post this, I confirmed that the exploit does not work on patched systems and have deprecated the QID in question. The changes should go through in the next build. Please update to the latest build and re-scan. Thanks!