Removal of TLS 1.0 and 1.1 from internal and external services.
Transport Layer Security (TLS) is a protocol created to provide authentication, confidentiality, and data integrity between two communicating applications. Recent DOICIRC and US-CERT advisories stated that all versions of Secure Sockets Layer (SSL), as well as TLS 1.0 and 1.1 services, should be disabled throughout our environment, in favor of …
On December 8, 2015, Microsoft released Cumulative Security Update MS15-124 for Internet Explorer, also known as KB3116180, to address several reported vulnerabilities.
The update also requires a registry change to be fully compliant. Beginning in January, eVMS began reporting plugin id 87253, MS15-124: Cumulative Security Update for Internet Explorer (3116180) as a High. To help address this vulnerability, …
In the fall of 2014, USGS system administrators started receiving warning messages from the Enterprise Vulnerability Management System (eVMS) from Tenable Nessus plugin 62758 about an MSXML4 vulnerability. It is rated as a Critical Severity vulnerability by NIST strictly because MSXML4 has been at End of Life (unsupported) since 04/12/2014, as reported by Microsoft.
The following is a guide to help …
Background: The Enterprise Vulnerability Management System (eVMS)/Tenable plugin ID 48762 – MS KB2269637: Insecure Library Loading Could Allow Remote Code Execution – is a high severity vulnerability that has been found on thousands of USGS computer systems. Deploying the Microsoft patch for this vulnerability is a prerequisite to remediation, but does not fully remediate it. To complete the remediation, the CWDIllegalInDllSearch registry …