J'ai installer hière le logiciel GFI Languard en version d'essai, j'en suis très satisfais mais je n'arrive pas à patcher / résoudre certaines "failles" de sécurité que le logiciel m'indique dans son rapport.
Voici les failles en question :
- OVAL:6956: Information disclosure vulnerability in MHTML
"The MHTML implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer." - AutoShareServer
"The administrative shares (C$,D$,ADMIN$,etc) are available on this machine. For Internal networks these are normally turned on for administrative purposes. For Web server(s) these are normally turned off in order to solidify the possible entry points (since it is more exposed to attacks.). If you don't use them set HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\AutoShareServer to 0 to prevent creation of these shares. For more information, visit: http://support.microsoft.com/support/kb/articles/Q245/1/17.asp" - AutoShareWKS (! je n'arrive même pas à la trouver dans le regedit !)
"The administrative shares (C$,D$,ADMIN$,etc) are available on this machine. For Internal networks these are normally turned on for administrative purposes. For Web server(s) these are normally turned off in order to solidify the possible entry points (since it is more exposed to attacks.). If you don't use them set HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\AutoShareWks to 0 to prevent creation of these shares. For more information, visit: http://support.microsoft.com/support/kb/articles/Q245/1/17.asp" Mon OS est Windows 7 x64 Premium
Merci beaucoup d'avance pour votre aide !
