AnsweredAssumed Answered

VM Scan with Admin shares disabled

Question asked by Salvador Pulido on Sep 19, 2011
Latest reply on Oct 7, 2011 by p2wad

Hi everyone,

 

I've been doing some tests running Vulnerability Scans with admin shares turned on/off.

 

When admin shares are enabled I found:

 

Summary of discovered Vulnerabilities (Trend)

 

Severity 5 "Urgent"                 : 23   (+23)

Severity 4 "Critical"          : 38   (+37)

Severity 3 "Serious"                 : 37   (+20)

Severity 2 "Medium"                 : 16   (+6)

Severity 1 "Minimal"                 : 3    (+1)

 

Total                                                   : 117

 

Then I disable admin shares and the same scan (doing a relaunch scan) results as follow:

 

Severity 5 "Urgent"                 : 0    (-23)

Severity 4 "Critical"          : 1    (-37)

Severity 3 "Serious"                 : 17   (-20)

Severity 2 "Medium"                 : 10   (-6)

Severity 1 "Minimal"                 : 2    (-1)

 

Total                                                   : 30

 

As you can see, almost all Vulnerabilities level 4 and 5 are gone, the procedure to remove admin shares is: http://support.microsoft.com/kb/816524

 

This procedure seems to stop the service svchost.exe, I'd like to know if some one has doing this kind of tests.

 

Best regards, Thank you for your comments.

Outcomes