file__CProgram%20Files_Microsoft%20Baseline%20Security%20An.pdf

Security Updates

Security assessment:

Incomplete Scan (Could not complete one or more requested checks.)

Computer name: ENGEFRIL\GPDTI

IP address: 192.168.0.100

Security report name: ENGEFRIL - GPDTI (28-03-2015 08-26)

Scan date: 28/03/2015 08:26

Catalog synchronization date:

Security update catalog: Microsoft Update

Score Issue Result

Developer Tools, Runtimes, and Redistributables Security Updates

1 security updates are missing.

Security Updates

Score ID Description Maximum Severity

Missing MS12-021 Security Update for Microsoft Visual Studio 2010 Service Pack 1 (KB2645410) Important

Current Update Compliance


Installed MS11-025 Security Update for Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package (KB2538242)

Important


Important


Important

Installed MS11-049 Security Update for Microsoft Visual Studio 2008 Service Pack 1 XML Editor (KB2251487)

Important

Office Security Updates

13 security updates are missing. 1 service packs or update rollups are missing.

Security Updates


Missing MS15-022 Security Update for Microsoft Word 2013 (KB2956163) 32-Bit Edition Critical

Missing MS15-013 Security Update for Microsoft Office 2013 (KB2910941) 32-Bit Edition Important






Missing MS15-012 Security Update for Microsoft Excel 2013 (KB2920753) 32-Bit Edition Important


Missing MS14-036 Security Update for Microsoft Lync 2013 (KB2881013) 32-Bit Edition Critical

Missing MS13-094 Security Update for Microsoft Outlook 2013 (KB2837618) 32-Bit Edition Important

Missing MS14-001 Security Update for Microsoft Word 2013 (KB2863834) 32-Bit Edition Important


Update Rollups and Service Packs

Score ID Description

Missing 2850036 Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition

SQL Server Security Updates

1 security updates are missing. 2 service packs or update rollups are missing.

Security Updates


Page 1 of 11

28/03/2015file:///C:/Program%20Files/Microsoft%20Baseline%20Security%20Analyzer%202/Print...

Missing MS12-070 Security Update for SQL Server 2012 RTM (KB2716442) Important

Update Rollups and Service Packs

Score ID Description

Missing 2958429 Microsoft SQL Server 2012 Service Pack 2 (KB2958429)

Missing 2285068 Microsoft SQL Server 2008 Service Pack 2 (KB2285068)



Installed MS06-061 MSXML 6.0 RTM Security Update (925673) Critical

Windows Security Updates

17 security updates are missing.

Security Updates


Missing MS15-029 Security Update for Windows 7 for x64-based Systems (KB3035126) Important

Missing MS15-018 Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB3032359)

Critical



Missing MS15-020 Security Update for Windows 7 for x64-based Systems (KB3033889) Critical

Missing 2984976 Security Update for Windows 7 for x64-based Systems (KB2984976)














Installed MS14-046 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2943357)

Important

Installed MS14-047 Security Update for Windows 7 for x64-based Systems (KB2978668) Important

Installed 2862152 Security Update for Windows 7 for x64-based Systems (KB2862152)

Installed MS15-010 Security Update for Windows 7 for x64-based Systems (KB3013455) Critical


Important

Installed MS13-002 Security Update for Microsoft XML Core Services 4.0 Service Pack 3 for x64-based Systems (KB2758694)

Critical


Installed MS12-045 Security Update for Windows 7 for x64-based Systems (KB2698365)

Installed MS13-052 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2832414)

Critical






Page 2 of 11





Installed MS14-051 Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB2976627)

Critical













Important


Installed MS13-082 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2861191)

Critical


Installed MS14-053 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and

Windows Server 2008 R2 SP1 for x64-based Systems (KB2973112)

Important




Installed MS14-072 Security Update for Microsoft .NET Framework 4.5, 4.5.1 and 4.5.2 on Windows 7, Vista, Server 2008, Server 2008 R2 x64 (KB2978128)

Important



Important


Installed 890830 Windows Malicious Software Removal Tool x64 - March 2015 (KB890830)







Important


Critical





Important


Installed MS14-078 Security Update for Windows 7 for x64-based Systems (KB2991963) Moderate





Critical

Page 3 of 11


Installed 976932 Windows 7 Service Pack 1 for x64-based Systems (KB976932)


Important






















Installed MS08-069 Security Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB954430)

Important





Installed MS13-090 Cumulative Security Update for ActiveX Killbits for Windows 7 for x64-based Systems (KB2900986)

Critical


Critical








Important




Installed MS15-009 Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB3021952)

Critical



Important


Installed MS14-046 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Important

Page 4 of 11


Windows Scan Results

Administrative Vulnerabilities



Important


Important




Important



Installed 2894844 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2894844)



Important


Installed 2841134 Internet Explorer 11 for Windows 7 for x64-based Systems






Installed MS15-009 Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB3034196)

Low



Important



Critical



Critical

SDK Components Security Updates

No security updates are missing.



Installed MS07-028 Security Update for CAPICOM (KB931906) Critical

Silverlight Security Updates

No security updates are missing.



Installed 2977218 Update for Microsoft Silverlight (KB2977218)

Score Issue Result

Password Expiration

All user accounts (3) have non-expiring passwords.

User

Page 5 of 11


Additional System Information

Administrator

BRUNO

Guest

Incomplete Updates

A previous software update installation was not completed. You must restart your computer to finish the installation. If the incomplete installation was a security update, then the computer may be at risk until the computer is restarted.

Windows Firewall

Windows Firewall is disabled and has exceptions configured.

Connection Name Firewall Exceptions

All Connections Off Programs, Services

Bluetooth Network Connection Off* Programs*, Services*

CLARO Off* Programs*, Services*

Hamachi Off* Programs*, Services*

Local Area Connection Off* Programs*, Services*

Wireless Network Connection Off* Programs*, Services*

Local Account Password Test

Some user accounts (2 of 3) have blank or simple passwords, or could not be analyzed.

User Weak Password Locked Out Disabled

Administrator Weak - Disabled

Guest Weak - Disabled

BRUNO - - -

File System All hard drives (2) are using the NTFS file system.

Drive Letter File System

C: NTFS

D: NTFS

Guest Account The Guest account is disabled on this computer.

Autologon Autologon is not configured on this computer.

Restrict Anonymous

Computer is properly restricting anonymous access.

Administrators No more than 2 Administrators were found on this computer.

User

Administrator

BRUNO

Automatic Updates

Updates are automatically downloaded and installed on this computer.

Score Issue Result

Windows Version

Computer is running Microsoft Windows 7.

Page 6 of 11


Internet Information Services (IIS) Scan Results

SQL Server Scan Results: Instance ENGEFRILTI


Auditing Neither Logon Success nor Logon Failure auditing are enabled. Enable auditing and turn on auditing for specific events such as logon and logoff. Be sure to monitor your event log to watch for unauthorized access.

Shares 7 share(s) are present on your computer.

Share Directory Share ACL Directory ACL

HP Color LaserJet CP1510 series PCL6

HP Color LaserJet CP1510 series PCL6,LocalsplOnly

Print Queue Share

Directory ACL can not be read.

IMPRESSORA_TI (HP LaserJet Professional P1102w)

IMPRESSORA_TI (HP LaserJet Professional P1102w),LocalsplOnly

Print Queue Share

Directory ACL can not be read.

ADMIN$ C:\Windows Admin Share NT SERVICE\TrustedInstaller - F, NT AUTHORITY\SYSTEM - RWXD, BUILTIN\Administrators - RWXD, BUILTIN\Users - RX

C$ C:\ Admin Share BUILTIN\Administrators - F, NT AUTHORITY\SYSTEM - F, BUILTIN\Users -RX, NT AUTHORITY\Authenticated Users - D

D$ D:\ Admin Share BUILTIN\Administrators - F, NT AUTHORITY\SYSTEM - F, NT AUTHORITY\Authenticated Users - RWXD, BUILTIN\Users - RX

Users C:\Users Administrators -F, Everyone - F

NT AUTHORITY\SYSTEM - F, BUILTIN\Administrators - F, BUILTIN\Users - RX, Everyone - RX

print$ C:\Windows\system32\spool\drivers

Everyone - R, Administrators -F

NT AUTHORITY\SYSTEM - F, BUILTIN\Administrators - F, Everyone - RX

Services No potentially unnecessary services were found.

Score Issue Result

IIS Status IIS is not running on this computer.

Score Issue Result

Service Accounts

SQL Server, SQL Server Agent, MSDE and/or MSDE Agent service accounts should not be members of the local Administrators group or run as LocalSystem.

Instance Service Account Issue

ENGEFRILTIMSSQL$ENGEFRILTI NT Service\MSSQL$ENGEFRILTI

This is a Domain Account. Baseline Security Analyzer cannot determine whether it belongs to the Domain Admins group due to the following error: 1212 The format of the specified domain name is invalid. .

ENGEFRILTISQLAgent$ENGEFRILTINT Service\SQLAgent$ENGEFRILTI


Page 7 of 11


SQL Server Scan Results: Instance MSAS11.ENGEFRILTI


Password Policy Enable password expiration for the SQL server accounts.

SQL Server/MSDE Security Mode

SQL Server and/or MSDE authentication mode is set to SQL Server and/or MSDE and Windows (Mixed Mode).

Sysadmins More than 2 members of sysadmin role are present.

CmdExec role CmdExec is restricted to sysadmin only.

Registry Permissions

The Everyone group does not have more than Read access to the SQL Server and/or MSDE registry keys.

Folder Permissions

Instance Folder User

ENGEFRILTI Internal error. -

Sysadmin role members

BUILTIN\Administrators group is not part of sysadmin role.

Guest Account The Guest account is not enabled in any of the databases.

SSIS Roles The BUILTIN Admin does not belong to the SSIS roles.

Sysdtslog Sysdtslogs90 table does not exist in the Master or MSDB databases

Score Issue Result






Folder Permissions


MSAS11.ENGEFRILTI Internal error. -

Service Accounts

SQL Server, SQL Server Agent, MSDE and/or MSDE Agent service accounts are not members of the local Administrators group and do not run as LocalSystem.


[DBNETLIB][ConnectionOpen (Connect()).]SQL Server does not exist or access denied.

Guest Account [DBNETLIB][ConnectionOpen (Connect()).]SQL Server does not exist or access denied.

Sysadmins [DBNETLIB][ConnectionOpen (Connect()).]SQL Server does not exist or access denied.

Page 8 of 11


SQL Server Scan Results: Instance MSRS11.ENGEFRILTI


SQL Server Scan Results: Instance MSSQL11.ENGEFRILTI


Password Policy [DBNETLIB][ConnectionOpen (Connect()).]SQL Server does not exist or access denied.

SSIS Roles [DBNETLIB][ConnectionOpen (Connect()).]SQL Server does not exist or access denied.

Sysdtslog [DBNETLIB][ConnectionOpen (Connect()).]SQL Server does not exist or access denied.

Score Issue Result






Folder Permissions


MSRS11.ENGEFRILTI Internal error. -

Service Accounts









Score Issue Result

CmdExec role Error reading registry. If you are scanning a remote computer the Remote Registry service on that computer should be enabled. (13)

Folder Permissions

Permissions on the SQL Server and/or MSDE installation folders are not set properly.

Page 9 of 11


SQL Server Scan Results: Instance ENGEFRILTI (32-bit)


Instance Folder User MSSQL11.ENGEFRILTIC:\Program Files\Microsoft SQL

Server\MSSQL11.ENGEFRILTI\MSSQL\Binn\CREATOR OWNER

MSSQL11.ENGEFRILTIC:\Program Files\Microsoft SQL Server\MSSQL11.ENGEFRILTI\MSSQL\Binn

BUILTIN\Users

MSSQL11.ENGEFRILTIC:\Program Files\Microsoft SQL Server\MSSQL11.ENGEFRILTI\MSSQL\Binn

NT SERVICE\MSSQL$ENGEFRILTI

MSSQL11.ENGEFRILTIC:\Program Files\Microsoft SQL Server\MSSQL11.ENGEFRILTI\MSSQL\Data

\CREATOR OWNER

MSSQL11.ENGEFRILTIC:\Program Files\Microsoft SQL Server\MSSQL11.ENGEFRILTI\MSSQL\Data

NT SERVICE\MSSQL$ENGEFRILTI





Service Accounts









Score Issue Result

Service Accounts

SQL Server, SQL Server Agent, MSDE and/or MSDE Agent service accounts should not be members of the local Administrators group or run as LocalSystem.

Instance Service Account Issue

ENGEFRILTI (32-bit)

MSSQL$ENGEFRILTI NT Service\MSSQL$ENGEFRILTI


ENGEFRILTI (32-bit)

SQLAgent$ENGEFRILTINT Service\SQLAgent$ENGEFRILTI


Page 10 of 11


Desktop Application Scan Results


Password Policy Enable password expiration for the SQL server accounts.



Sysadmins More than 2 members of sysadmin role are present.




Folder Permissions


ENGEFRILTI (32-bit) Internal error. -


BUILTIN\Administrators group is not part of sysadmin role.

Guest Account The Guest account is not enabled in any of the databases.

SSIS Roles The BUILTIN Admin does not belong to the SSIS roles.

Sysdtslog Sysdtslogs90 table does not exist in the Master or MSDB databases

Score Issue Result

IE Zones Internet Explorer zones have secure settings for all users.

Macro Security No supported Microsoft Office products are installed.

Page 11 of 11


Documents

file____C__Program%20Files_Microsoft%20Baseline%20Security%20An.pdf

file__CProgram%20Files_Microsoft%20Baseline%20Security%20An.pdf